Re: rust - volunteers sought...

[pin <voidpin%protonmail.com@localhost>]

On Thursday, May 16th, 2024 at 1:41 PM, Havard Eidnes <he%NetBSD.org@localhost> wrote:

> > > I used to be against the idea of versioning but, I start to
> > > think it might not be such a bad suggestion.
> > > 
> > > The major issue I see with this is that a lot of projects tend
> > > to follow Rust upstream to access new features. I already
> > > have two patches to force packages to use 1.76 instead of
> > > 1.77.2
> > 
> > Yes, but this is a bug in the rust world, not a bug in pkgsrc. It's
> > basically a consequence of thinking that the combination of a singleton
> > implementation (effectively) and an unstable language spec is ok.
> > 
> > We merely have to work around what is wrong with rust - as you are
> > doing. (Not sure why you said "force": do you mean a package that
> > builds with 1.76 and not 1.77.2, or a package that expects new and
> > you've patched it to be ok with older??)
> 
> 
> If I'm not terribly mistaken, the "insist on rust >= 1.77.2" came
> 
> from a recent CVE disclosure which turned out to be a security
> issue only on Windows, ref. CVE-2024-24576.
> 
> That had however the effect of several program maintainers
> installing "you must use a rust version without this CVE" into
> their setups.
> 
> Regards,
> 
> - Håvard


Correct!