Python cryptography, Rust, and Gentoo
Python cryptography, Rust, and Gentoo
Posted Feb 11, 2021 21:52 UTC (Thu) by roc (subscriber, #30627)In reply to: Python cryptography, Rust, and Gentoo by logang
Parent article: Python cryptography, Rust, and Gentoo
Effectively Rust wants developers to vendor everything, but a lot of work has gone into Rust+cargo to solve a lot of hard problems. For example:
cargo provides simple commands to update a dependency to the latest version, usually as simple as "cargo update" or "cargo update -p <library>".
cargo makes it easy to override a (possibly indirect) dependency with a patched version, via "[patch]".
rust-sec/advisory-db collects CVEs for Rust libraries and you can configure the cargo-deny tool to automatically break your build if one of your dependencies has an outstanding CVE.
Rust is designed so that by default linking multiple versions of the same library into a single binary works fine (always undesirable, but sometimes a necessary last resort).
The LWN site is currently under high scraper load, so comment display has been suppressed for anonymous users. If you are a human, you may read the comments by clicking the button below:
Note: you can avoid this step in the future by logging into your LWN account.