README should mention the pinned version of boringssl
roblabla opened this issue · comments
Currently, the README says the following:
"By default, the crate statically links with the latest BoringSSL master branch."
After reviewing the code, I think this is a bit misleading. By default, the crate statically links with a pinned version of boringssl, currently set to google/boringssl@f1c7534.
I think it'd be valuable to make this clearer in the README. After reading the current README, I initially thought it was dynamically fetching the latest version of boringssl in its build.rs. In fact, there is a call to git submodule in a build.rs, but it seems to only run when depending on boring via git!
It'd be nice to have a few lines in the README clearly spelling out that, by default, the crate pins a specific boringssl version (and thus doesn't break reproducibility).
Yes, sounds like a good improvement :) happy to take a PR.