|
|
Subscribe / Log in / New account

Packaging Rust for Fedora

Packaging Rust for Fedora

Posted Oct 31, 2022 17:37 UTC (Mon) by smoogen (subscriber, #97)
In reply to: Packaging Rust for Fedora by rjones
Parent article: Packaging Rust for Fedora

Having also gone through the birth of shared libraries in various OS's in the late 1980's... moving to shared libraries wasn't also because computer resources were extremely limited. It was also that you could have one version of libgzip on the system and when you updated it.. you didn't need to worry about the 600 applications which had it compiled statically in. [Which was what I spent 1 to 2 years dealing with even into the early 2000's when you would find that some subset system still had static libraries compiled in which were vulnerable to various 'crap'.]

I agree that shared libraries are not great and having to deal with dependency hell has been a side effect of it. However static binaries have not been great either. They both have tradeoffs which tend to get overlooked. I guess in the end all software is crap..

to post comments

Packaging Rust for Fedora

Posted Nov 1, 2022 9:31 UTC (Tue) by roc (subscriber, #30627) [Link] (3 responses)

For Rust, at least, it's easy to capture the list of dependencies for each statically linked binary and query those lists to see what needs to be updated.

Packaging Rust for Fedora

Posted Nov 1, 2022 13:10 UTC (Tue) by pizza (subscriber, #46) [Link] (2 responses)

Great, now what do you do when you don't have the full corresponding source code for that application and all of its statically-linked dependencies?

Packaging Rust for Fedora

Posted Nov 1, 2022 23:40 UTC (Tue) by ssokolow (guest, #94568) [Link] (1 responses)

Only crates.io admins can truly pull something from the site once it's published and they reserve that ability for things like legal compliance.

cargo yank keeps the package version available for download by any downstream package that has it in its Cargo.lock file.

Packaging Rust for Fedora

Posted Nov 2, 2022 5:00 UTC (Wed) by pabs (subscriber, #43278) [Link]

Crates don't necessarily contain source code, for eg the rand crate contains files generated by a Python program from another file. The Python script and the real source isn't in the crate, just in the VCS. Of course, the VCS could have the same issue, but that is a bit less likely these days.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds