From 6de873badadedd804137cfdd4dcc392618485803 Mon Sep 17 00:00:00 2001 From: Brian Smith Date: Wed, 25 Oct 2017 17:20:42 -0700 Subject: [PATCH] Don't enable DNSSEC or ipconfig by default in -resolver. It is too easy for a library to accidentally add an OpenSSL dependency through Trust-DNS by using Trust-DNS without disabling the default features. This is especially bad because a library that hasn't consciously chosen what to do about DNSSEC won't provide any APIs for controlling if DNSSEC is used or how to configure its use (e.g. configuring trust anchors). The same applies to the ipconfig configure. Resolve both by defaulting to not having these features. --- resolver/Cargo.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/resolver/Cargo.toml b/resolver/Cargo.toml index aad56ec02b..03b858126b 100644 --- a/resolver/Cargo.toml +++ b/resolver/Cargo.toml @@ -37,7 +37,6 @@ appveyor = { repository = "bluejekyll/trust-dns", branch = "master", service = " coveralls = { repository = "bluejekyll/trust-dns", branch = "master", service = "github" } [features] -default = ["dnssec-openssl", "ipconfig"] dnssec-openssl = ["dnssec", "trust-dns-proto/dnssec-openssl"] dnssec-ring = ["dnssec", "trust-dns-proto/dnssec-ring"] dnssec = []