WingNews logo WingNews
top | item 47129821

(no title)

dabinat | 6 days ago

I think an issue hindering Rust adoption is ecosystem immaturity. So many crates are pre-1.0, or just basic wrappers around a C library. There are good crates for core things like cryptography, but finding something production-ready for something like SAML is tough.

discuss

order

overfeed|5 days ago

> There are good crates for core things like cryptography

Speaking of cryptography, I've given up on setting up a Termux Python dev environment on an old Arm tablet, because some package has a dependency on the 'cryptography' module, which apparently requires the whole Rust toolchain to build. In a Python project. On a platform with limited storage. The documentation suggests pre-built binaries are an option, but I couldn't figure it out the last few times. It left me with a bad taste in my mouth.

billyjobob|5 days ago

Sometimes it works if you install an old version of the cryptography package from before they introduced Rust.

oconnor663|6 days ago

I wouldn't read too much into pre-1.0 versions. Folks take SemVer pretty seriously, and that makes some folks reluctant to declare v1.0 even when a crate has been in use and "mostly stable" for years. There can also be compatibility issues with a 1.0 bump if a crate's types are common in public APIs, e.g. the `libc` crate. I'm a big fan of the curated list of crates at blessed.rs, or honestly just looking at download numbers. (Obviously not a perfect system.)

ninkendo|6 days ago

IME, a 1.0 version is usually when a project starts taking backwards compatibility seriously. A pre-1.0 library may be plenty stable enough in terms of bugs, but being pre-1.0 means they’re likely going to change their mind on the API contract at some point.

That is the major problem for me… I don’t actually mind that much if a library has bugs… those can always be fixed. But when a library does a total 180 on the API contract, or removes things, or just changes their mind on what the abstraction should be (often it feels like they’re just feng shui’ing things), that’s a major problem. And it’s what people mean when they say “immaturity”: if I build on top of this, is it all going to break horribly at some point in the future when the author changes their mind?

People often say “just don’t update then”, but that’s (a) a sure fire way to accumulate tech debt in your codebase (because some day may come when you must update), and (b) you’re no longer getting what could be critical updates to the library.

rascul|6 days ago

gettext took over 30 years to get to 1.0 last month.