Mailinglist Archive: opensuse-packaging (94 mails)

< Previous Next >
Re: [opensuse-packaging] On how to improve Rust packaging experience for suse
  • From: Alberto Planas Dominguez <aplanas@xxxxxxx>
  • Date: Wed, 20 Nov 2019 10:08:22 +0100
  • Message-id: <3132933.pQCmlue5SJ@lena>
On Tuesday, November 19, 2019 1:24:50 PM CET William Brown wrote:
On 19 Nov 2019, at 20:43, Alberto Planas Dominguez <aplanas@xxxxxxxx>

For Kanidm (and any project that uses Rust) this means that the devel
version can compile on TW every day, but for Leap and SLE the version of
the project and the compiler cannot change, and the fixes needs to be
backported. This is aligned with how every product works: release and
backport the fixes.

The issue becomes fixes to vendored dependencies (of which there are ~200 I
think total. I directly have ~30 deps). Fixes to kanidm are simple to patch
and backport, but fixes for vendored code ... not so much. That's what will
really be the issue is rust has no concept of a security update vs a
feature one - and most crates treat them as the same - updates. So you will
have a vendor library that will both have security *and* feature changes,
which will quickly be a maintainers nightmare.

Vendoring can only be a temporary workaround until the crate ecosystem become
more stable in OBS : (

--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5
90409 Nuremberg
Germany

(HRB 36809, AG N├╝rnberg)
Managing Director: Felix Imend├Ârffer
< Previous Next >