v0.8.0
uselesskey v0.8.0
TLS contract-pack and public crate-surface cleanup release.
What's new
TLS contract pack
uselesskey bundle --profile tlsgenerates a deterministic chain
fixture set with a valid intermediate-signed leaf plus four
negative classes (expired leaf, not-yet-valid leaf, hostname
mismatch, untrusted root). Per-fixture rejection expectations are
documented indocs/release/v0.8.0-tls-profile-design.md.cargo xtask bundle-proof --profile tlsproduces the release-
evidence proof artifact for the TLS pack, mirroring the OIDC
pattern.- Task-first how-to:
docs/how-to/test-tls-chain-validation.md.
Task-first user docs sweep
- Five new how-to pages covering common downstream test workflows:
Vault KV export,build.rsmaterialize, WebAuthn ceremony
validation, PKCS#11 mock fixtures, and webhook signature
validation. (#590-#594)
Public crate-surface cleanup
- 29 published-internal shim crates removed. v0.7.0 folded their
content into owner-cratesrp::*modules; v0.7.x kept the shims
as compatibility re-exports; v0.8.0 removes them entirely. The
v0.7.x crate versions remain on crates.io as historical records. - Migration guide:
docs/how-to/migrate-to-v0.8.md. Most users do
not need to migrate.
Publish-system hardening
- HMAC, rustls PKI, and PGP-native content moved from former compat
crates into ownersrp::*modules. (#595, #598, #599) - Rust 1.94/1.95 Clippy ratchets activated workspace-wide. (#505)
Toolchain
No MSRV change. v0.8.0 stays on Rust 1.95.
Claim boundary
uselesskey is a test-fixture layer. It is not production key
management, scanner evasion, or cryptographic assurance.
Evidence
target/release-evidence/summary.mdtarget/release-evidence/release-evidence.mdtarget/release-evidence/scanner-safe/scanner-safe-bundle-proof.mdtarget/release-evidence/oidc/oidc-contract-pack-proof.mdtarget/release-evidence/tls/tls-contract-pack-proof.md(new)target/mutation/nightly-receipt.mdtarget/xtask/perf/latest.md
See CHANGELOG.md for the full v0.8.0 list.