Adding rsa dependency introduces non-additive lazy_static feature that breaks other code

[eric-seppanen]

This is the same problem as #219, but since that issue wasn't fully evaluated, I wanted to add my report, with a bit more context.

Dependency chain:

• rsa depends on num-bigint-dig
• num-bigint-dig depends on lazy_static with features = ["spin_no_std"].

lazy_static's spin_no_std feature is non-additive; it causes lazy_static to replace use of std::sync::Once with spin:once::Once. This may seem like a harmless replacement, but:

• spin::once::Once<T> has different trait bounds. Namely, it only implements Sync where T: Send + Sync while lazy_static using std::sync::Once only requires T: Sync.
• This means that anyone using lazy_static on a non-Send type will see their code break if the spin_no_std feature is enabled.
• Adding rsa as a dependency to a large workspace means that every crate in that workspace now gets the modified lazy_static code using spin with stricter trait bounds.

This is currently happening to me: I added rsa to a large workspace, and that change causes compile errors in unrelated (previously working) code:

error[E0277]: `*const u8` cannot be sent between threads safely
    --> image.rs:25:1
     |
25   | / lazy_static::lazy_static! {
26   | |     pub(crate) static ref HELLO_IMAGE: Option<ImageBuffer> = {
27   | |         let image_bytes = std::fs::read("hello.png").ok()?;
28   | |
...    |
36   | |     };
37   | | }
     | |_^ `*const u8` cannot be sent between threads safely

I'm not sure how to handle this, but it would be nice if there were a feature in rsa (and num-bigint-dig) to disable this behavior. As it is, I'm unable to add an rsa dependency unless I fork+patch num-bigint-dig.

[tarcieri]

Seems like this needs to get resolved in: dignifiedquire/num-bigint#56

[tarcieri]

Note this will also be addressed by #390