On 01/23/2018 01:40 PM, Hadrien Grasland wrote:
Given Rust's immense productivity benefits in the system programming space with respect to C and C++, people are bound to use it. Much like they use bleeding-edge C++, Node.js, custom package managers like Maven and PyPI and all other kind of programming environments which make the life of distribution maintainers hard. It is unescapable, in the sense that you cannot simply wish the language and its implementation away from your radar, rant about every Rust-based package that you see pass by, and be done with it. What happens to librsvg today, is happening to gstreamer and other GNOME projects tomorrow, and at some point you will need to face the issue anyhow.
Well, I have seen in the past what happened when GNOME upstream was ignoring downstream complaints. There was a bug in gvfs-metadata that GNOME upstream insisted didn't exist and just kept closing the bug report in the RedHat bug tracker. At some point, a "strategic customer" ran into the problem as well. And, all of a sudden, GNOME upstream admitted their mistake and fixed the bug. So, I wouldn't see GNOME as a prime example on how software in the open source community should work. Plus, if you look at the number of forks that GNOME's decisions have triggered in the past (MATE, Cinnamon, Deepin etc), it clearly shows that this development model doesn't fly in the long-term. Also, I don't think that something like this will fly on the longterm with Linux distributions: glaubitz@suse-laptop:~/suse/openSUSE:Factory/librsvg/librsvg-2.42.0/rust/vendor> find . -name "*.rs" |wc -l 988 glaubitz@suse-laptop:~/suse/openSUSE:Factory/librsvg/librsvg-2.42.0/rust/vendor> This undermines the work of security teams in Linux distributions. At least in Debian, including third-party libraries instead of using the versions available in the distribution tree is not allowed. I'm very much surprised that this is apparently acceptable in openSUSE. If every Rust package is going to be like that in the future, I'll already sent out my condolences to anyone working on distribution security teams.
Given that, the next best thing to do after obliterating the perceived nuisance is to work on making the product better so that it fits your needs. This is what distribution maintainers have always done: if the project is not quick enough, write the patch yourself, and send it to upstream with a friendly note. Backport fixes from newer versions into the version that you distribute. Help the developer test on new architectures that the distribution supports. Ultimately, these kind of actions benefit the distribution too.
I think you are ignoring the fact that open source projects can also be forked and if GNOME/Freedesktop upstream is enforcing Rust onto its users before it's ready for prime time, you will see more forks happen. Debian (and therefore Ubuntu) is not going to adopt the rustified version of librsvg anytime soon. So, don't count your chickens until they are hatched :-). PS: I just tried building rust 1.23 on MIPS and POWERPC32 today, still fails. Adrian -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org