dalek-cryptography / x25519-dalek

X25519 elliptic curve Diffie-Hellman key exchange in pure-Rust, using curve25519-dalek.
BSD 3-Clause "New" or "Revised" License

Broken curve pin via rc.2 #129

Closed pinkforest closed 1 year ago

pinkforest commented 1 year ago

This results in an incompatible API between x/curve.

I think the only action that could be taken is to yank x25519-dalek rc.2 with the broken non-pinned curve dependency.

This should not, as far as I remember, break anyone using --locked in a dependency bin which may have the old rc.2 in the lock?

This makes it so nobody new will use it and will instead use x25519-dalek rc.3 or pre.1.

Unless the Scalar API changes #120 between rc.2/3 would be reverted and leave it for next major - which I would not recommend.

Another option would be to release a new set of release candidates without the Scalar #120 change and then the Scalar #120 change on top, but this could be highly confusing with the versions and could create an even bigger mess.

Could also release a "fixup" rc.2, but dunno how that would work with SemVer?

If someone needs a patch release that is not rc.3 -

e.g. could 2.0.0-rc.2+fixup1 work, utilizing the "build" construct in SemVer?

rozbb commented 1 year ago

Good catch. I'll yank rc.2

rozbb commented 1 year ago

Yanked.
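The following is an added example, not code from the thread or from the dalek project. It models why an unpinned pre-release requirement, as described in the first comment, drifts to a later release candidate while an `=` pin does not, and how SemVer orders the `2.0.0-rc.2+fixup1` form mentioned there. Assumptions: the `1.0.0-rc.N` versions are constructed, and `matches` is a simplified model of Cargo's default caret requirement for major >= 1, not Cargo's resolver.

```rust
use std::cmp::Ordering;

// Build metadata ("+...") is dropped at parse time: SemVer ignores it for precedence.
#[derive(PartialEq)]
struct Version { core: [u64; 3], pre: Vec<String> }

fn parse(s: &str) -> Version {
    let s = s.split('+').next().unwrap();
    let (core_s, pre_s) = s.split_once('-').unwrap_or((s, ""));
    let mut core = [0u64; 3];
    for (i, part) in core_s.split('.').take(3).enumerate() {
        core[i] = part.parse().expect("numeric version component");
    }
    let pre: Vec<String> = pre_s.split('.').filter(|p| !p.is_empty()).map(String::from).collect();
    Version { core, pre }
}

// SemVer precedence: core first; a release outranks its own pre-releases;
// then identifiers left to right, numeric ones ranking below alphanumeric ones.
fn precedence(a: &Version, b: &Version) -> Ordering {
    if a.core != b.core { return a.core.cmp(&b.core); }
    if a.pre.is_empty() || b.pre.is_empty() { return a.pre.is_empty().cmp(&b.pre.is_empty()); }
    for (x, y) in a.pre.iter().zip(&b.pre) {
        let ord = match (x.parse::<u64>(), y.parse::<u64>()) {
            (Ok(m), Ok(n)) => m.cmp(&n),
            (Ok(_), Err(_)) => Ordering::Less,
            (Err(_), Ok(_)) => Ordering::Greater,
            (Err(_), Err(_)) => x.cmp(y),
        };
        if ord != Ordering::Equal { return ord; }
    }
    a.pre.len().cmp(&b.pre.len())
}

// Assumed model: "=V" accepts only V; a bare "V" is a caret requirement (major >= 1).
// A pre-release candidate is eligible only against a pre-release requirement with the same core.
fn matches(req: &str, cand: &str) -> bool {
    let c = parse(cand);
    if let Some(exact) = req.strip_prefix('=') { return parse(exact) == c; }
    let r = parse(req);
    if !c.pre.is_empty() && (r.pre.is_empty() || r.core != c.core) { return false; }
    c.core[0] == r.core[0] && precedence(&c, &r) != Ordering::Less
}

fn main() {
    for req in ["1.0.0-rc.2", "=1.0.0-rc.2"] { // constructed version numbers
        println!("{req:>12} accepts 1.0.0-rc.3: {}", matches(req, "1.0.0-rc.3"));
    }
}
```

Because an unpinned requirement accepts the later candidate, a fresh resolution without a lockfile can pair a crate with a dependency release candidate it was never built against.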