|
|
Log in / Subscribe / Register

Shared libraries

Shared libraries

Posted Nov 25, 2025 20:51 UTC (Tue) by mb (subscriber, #50428)
In reply to: Shared libraries by jhoblitt
Parent article: APT Rust requirement raises questions

That's not what actually happens, though.

Distros don't care about locked upstream dependencies.
And I think that's fine, if they always pick the latest compatible semver.
That tends to work very well in the crates.io ecosystem with only extremely few exceptions.

But distros often try to use older dependencies than locked upstream. Which is not Ok, IMO.

to post comments

Shared libraries

Posted Nov 25, 2025 22:35 UTC (Tue) by jhoblitt (subscriber, #77733) [Link] (2 responses)

I don't dispute that distros override Cargo.lock files but I don't agree that behavior is a feature. Changing a single dep version can also result in changes to transitive deps and my preference is that I am running the exact version of a software package which passed the upstream project's CI pipeline.

Shared libraries

Posted Nov 26, 2025 8:22 UTC (Wed) by joib (subscriber, #8541) [Link] (1 responses)

Case in point being Debian breaking bcachefs-tools by changing one of the deps to an older one.

Maybe there's a position in between "only one version of each library" and "whatever is currently in Cargo.lock across a hundred different projects"? E.g. some algorithm that could calculate the minimum set of versions to satisfy all the version requirements in all the Cargo.toml files that are used in the distro?

Shared libraries

Posted Nov 26, 2025 8:59 UTC (Wed) by zdzichu (subscriber, #17118) [Link]

Debian breakage should be caught by unit tests during the package build. But last time I've checked, there were no such tests in bcachefs-tools. Not exactly evoking confidence in its code.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds