The real issue here is Rust's flat namespace. In Go, for example, there's no ffmpeg crate, there's github.com/someone/ffmpeg and gitlab.com/someone-else/ffmpeg, and so on. There's no blessed, unique 'ffmpeg' package, you can't squat names, and if the first package gets abandoned, you can fork it under a new path while keeping the 'ffmpeg' name. Only the import path changes.
How does having more namespaces address the other half of the issue, of having multiple incomplete ffmpeg crates and having to decide which one to use and to support?
Not entirely true. Rust (cargo) supports git-based crates and more crate sources than just crates.io (registry = "crates-io"), however crates on crates.io doesn't currently support dependencies with crates in other registries.
Now instead of having the 2nd and 3rd packages have ugly names all of them have ugly names!
There are advantages to systems like this such as trust (I can tell that you.example/pkg1 and you.example/pkg2 are owned by the same person) and decentralization. But I don't think it helps with the later packages having ugly names.
Go did exactly that, where Maven's 'Project group identifier' is an URL you control, e.g. github.com/<your-account> but also <your-website>/go-pkg or whatever you want. Other languages did this too. Flat namespaces are more of a Rust issue (among newer languages).
Java's package identifiers doesn't work at all, since organizations are far more transient than code (Like, even Sun doesn't exist anymore). And even if my organization still exists, one would think I should be able to hand over code to someone else, without them having to claim that they're me.
For extra bonus points, the Java directory structure being built around it is just silly, related code ends up far away in the directory tree, just because you went through a rebranding or a merger.
One reason in Julia for having an organization with multiple repositories is how unnecessary is in Julia to have big packages. It is better to have smaller more focused packages and combine them as necessary. Julia needs to improve some things but I don't think I have found a more modular language.
This is a short and well-articulated proposal about improving Rust crates (library) management, not what one would expect from the title. While the exact mechanism may not be the right one, I think this is a worthwhile discussion that ultimately adds more hierarchy to avoid multiple versions of half-baked crates and forks.
Microsoft solved this in COM. Your component gets a 128 bit class ID, and its interfaces also get 128 bit IDs. It's registered under that ID, and queried by that ID.
It doesn't matter what you call it, and what the files are called; two COM objects could both be FFMPEG.DLL or whatever (obviously not installed in the same directory).
When it comes to packages, users interact with the names and are used to writing names into their code when they specify dependencies, so it's not a complete no-brainer solution; but maybe some idea from that solution space could be worked into a package management system.
> But it’s sad that one person gets to gatekeep everyone else and say, “This is abandoned, I’ll keep the crate name so now you have to make a worse one or be creative.”
Wouldn't reusing the name of a package that is no longer maintained create chaos for programs that use the discontinued package.
Maybe it's not simply one-sided gatekeeping from the former managers of the package?
No, but it is equivalent of autoexec.bat like functionality. You can use it for many many things like viruses propagation, content control and even it is helpful for users ! ;)
It's just like giving external users self-modifing code access - asm, lisp, js - let's they upload it and we execute ;)
vocx2tx|4 months ago
stmw|4 months ago
kazinator|4 months ago
It would be confusing and counterproductive to introduce, say multimedia_libs/ffmpeg because codec_libs/ffmpeg was discontinued.
A level of hierarchy does when projects in genuinely unrelated categories share a package name.
burnt-resistor|4 months ago
https://doc.rust-lang.org/cargo/reference/source-replacement...
crates.io could be updated to support alternative registries.
kevincox|4 months ago
There are advantages to systems like this such as trust (I can tell that you.example/pkg1 and you.example/pkg2 are owned by the same person) and decentralization. But I don't think it helps with the later packages having ugly names.
lenkite|4 months ago
https://maven.apache.org/guides/mini/guide-naming-convention...
These problems simply wouldn't exist.
vocx2tx|4 months ago
pjmlp|4 months ago
Java and .NET have a couple of good ideas even if they aren't fashionable any longer.
kryptiskt|4 months ago
For extra bonus points, the Java directory structure being built around it is just silly, related code ends up far away in the directory tree, just because you went through a rebranding or a merger.
adalacelove|4 months ago
stmw|4 months ago
phoe-krk|4 months ago
kazinator|4 months ago
It doesn't matter what you call it, and what the files are called; two COM objects could both be FFMPEG.DLL or whatever (obviously not installed in the same directory).
When it comes to packages, users interact with the names and are used to writing names into their code when they specify dependencies, so it's not a complete no-brainer solution; but maybe some idea from that solution space could be worked into a package management system.
kazinator|4 months ago
Wouldn't reusing the name of a package that is no longer maintained create chaos for programs that use the discontinued package.
Maybe it's not simply one-sided gatekeeping from the former managers of the package?
jasonjmcghee|4 months ago
adastra22|4 months ago
Woodi|4 months ago
It's just like giving external users self-modifing code access - asm, lisp, js - let's they upload it and we execute ;)
#DONOTSENDCODE Manifesto, where ?
unknown|4 months ago
[deleted]