[Pkg-rust-maintainers] Bug#1027331: Bug#1027331: rust-openssl: Please update to v0.10.45
Jonas Smedegaard
dr at jones.dk
Fri Dec 30 15:35:30 GMT 2022
Quoting Sylvestre Ledru (2022-12-30 16:18:54)
>
> Le 30/12/2022 à 15:49, Jonas Smedegaard a écrit :
> > Quoting Sylvestre Ledru (2022-12-30 15:20:45)
> >> FYI, this isn't a mandatory upgrade for sccache. it works fine with the current version of rust-openssl from the archive
> >> (just like most of the sccache updates)
> > Thanks, I am aware of that.
> >
> > But upstream choosing to tighten not only Cargo.lock but also Cargo.toml
> > can only be interpreted as lack of promise that it will work.
> >
> > Occationally I initiate dialogues with upstreams challenging the sanity
> > of such (in my opinion too agressive) push for new libraries, but sadly
> > my experiences with Rust upstream developers having strong opinions
> > discourages my patience initiating such conversations.
> >
> > I would certainly appreciate if you, with your upstream hat on, relaxed
> > crate dependencies where needlessly tight. I consider that more hlpful
> > than comments in bugreports like this: Upstream agressive dependency
> > handling causes busywork downstream, with investigating sanity, and
> > patching sources, and filing bugreports like this.
>
> Unfortunately for Debian, this is the common way to do rust development
> for many upstream projects.
>
> We try to update often to new version of dependencies to identify
> quickly potential regressions in the various crates +
> dependabot makes this super easy.
Yes, it is super easy to not care about keeping variability as wide as
possible. That antipattern is not unique to the Rust community.
I suspect dependabot is less useful for binaries than libraries, because
the latter in more situations need to avoid variability in dependencies
to offer a non-variable API itself.
Please do consider being more careful upstream (regardless of how
popular sloppy maintenance is), to reduce busywork downstream.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
* Sponsorship: https://ko-fi.com/drjones
[x] quote me freely [ ] ask before reusing [ ] keep private
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-rust-maintainers/attachments/20221230/97c7b598/attachment.sig>
More information about the Pkg-rust-maintainers
mailing list