top | item 27940409

(no title)

galadran | 4 years ago

> It is not fun but frustrating to work in Rust.

Deeply subjective. Rust has been the most loved language on Stack Overflow for 5 years in a row now.

> add a new huge dependency

Sure, but setting up Rust is much much easier than GCC with all the trimmings.

> As an exemple, there is a common package in python that decided to start having their module in Rust instead of C. Now a lot of users of the module are pissed off, with good reason, because you can't build/install the module anymore in a little bit older or non conventional distributions.

Assuming you are referring to pyca, you are mistaken and there has been a lot of misinformation about the change. Rust support is needed to build the module, but not install it. Pyca works just fine for users without rust and works everywhere rust does. Users on niche CPU architectures which haven't been sold commercially for 15+ years were the only ones impacted.

discuss

fnord123|4 years ago

The problem with pyca cryptography was that Python users are not in the habit of using lockfiles which meant reinstalling venvs picked up more recent versions of transient dependencies. That and that they made the change in a minor update and non wheel users got caught out.

FridgeSeal|4 years ago

That people weren’t version-pinning critical dependencies was the most eye-opening thing about that whole affair. The tools to make this easy have been available and well-used for years, don’t have a lot of sympathy for them.

greatgib|4 years ago

> Users on niche CPU architectures which haven't been sold commercially for 15+ years were the only ones impacted.

This is kind of the root of the problem, when you are kind of a hobbyist dev wanted to work with the latest shinny new version of everything, then everything is fine.

But when you try to do different things that are not mainstream or doing embedded, then you understand why sometimes you have to keep old software or hardware.

Rust like go are made for a connected world, where you are always upstream, always connected to get the latest versions, and it's ok to do breaking change to the language every few years.

Did you ever try to build a Linux from scratch? Trying to fit some build or runtime constraints? Then you learn the real cost of each dependency that is added and of their complexity.

Imagine you had that much dependencies to build a kernel, probably this much of memory, CPU and storage used. Now you need to add rust, its dependencies, other tools related to it. Each dependency possibly not supporting your system or configuration or require their own library dependencies in a new version that is maybe conflicting with older versions already used by the system. And that you can't change without breaking other existing programs in the system. And maybe you can fix these other applications to support the new version of the library but you just wanted to "update" your kernel and not spend 10 days reworking your system unexpectedly because a stupid update required it.

FridgeSeal|4 years ago

It’s worth pointing out that a lot of those “weird” old chips weren’t formally supported anyway, and the the fact that the software worked on them was a convenient fluke, and by design or intention.

brandonmenc|4 years ago

> Deeply subjective. Rust has been the most loved language on Stack Overflow for 5 years in a row now.

How many of those votes were cast by programmers who have actually used the language?

jkelleyrtp|4 years ago

That particular metric is derived from "people who use the language outside of work and wish they could use it more at work." The survey doesn't explicitly say "which language do you love?".

Zababa|4 years ago

You could said the same for every language.

stevekemp|4 years ago

Could also be referring to the cryptography library which added a Rust dependency, which caused pain for people running ansible, and other downstream users.

woodruffw|4 years ago

> Could also be referring to the cryptography library which added a Rust dependency, which caused pain for people running ansible, and other downstream users.

This isn't true for the overwhelming majority of deployments, since pyca/cryptography was/is distributed as a pre-built wheel. There is no runtime dependency on Rust in pyca/cryptography; the only downstream change is that packagers are required to have a Rust toolchain.