Re: rust - volunteers sought...

[Havard Eidnes <he%NetBSD.org@localhost>]

>> I used to be against the idea of versioning but, I start to
>> think it might not be such a bad suggestion.
>>
>> The major issue I see with this is that a lot of projects tend
>> to follow Rust upstream to access new features.  I already
>> have two patches to force packages to use 1.76 instead of
>> 1.77.2
>
> Yes, but this is a bug in the rust world, not a bug in pkgsrc.  It's
> basically a consequence of thinking that the combination of a singleton
> implementation (effectively) and an unstable language spec is ok.
> 
> We merely have to work around what is wrong with rust - as you are
> doing.  (Not sure why you said "force": do you mean a package that
> builds with 1.76 and not 1.77.2, or a package that expects new and
> you've patched it to be ok with older??)

If I'm not terribly mistaken, the "insist on rust >= 1.77.2" came
from a recent CVE disclosure which turned out to be a security
issue only on Windows, ref. CVE-2024-24576.

That had however the effect of several program maintainers
installing "you must use a rust version without this CVE" into
their setups.

Regards,

- Håvard