We had to use Nix to build Rust services and make containers of them. It works pretty well, except with Nix 2.29 and 2.30 where it is broken for some reason
docker doesn’t really fail to build unless something upstream fails, like lib builds that don’t have the proper dependencies installed. I’d still count those failures as rust fails 😂
that said, I worked with a kid that was trolling rust package managers hard by squatting on common library names because they refused to resolve the issues of squatting. dick move but clearly educated me on the toxicity of the rust community and why I should avoid it.
a community that allows squatting to happen and does nothing to resolve the issue is going to be plagued with chaos in the future. it opens an attack vector for supply chain attacks and altogether breeds distrust in the platform entirely.
on the flip-side, a developer that squats on common library names in an attempt to garner support to resolve an issue and is ignored tells me two things;
this is normal enough that the community doesn’t feel the need to address the toxic behavior
the issue of squatting isn’t perceived as a high enough threat and they will take no action
in my case both of those observations tell me the community at large isn’t mature enough or forward thinking enough to allow me to use it as a solution. it also forces me to assume that the matter of toxic behavior will only continue to fester unchecked within the community.
I guess, that’s an opinion to have then. I interpreted your point about toxicity to mean something different.
I will say that it certainly isn’t the case that no one in the community cares about namesquatting. You can likely find lively discussions around that right now.
But I have to admit that I don’t concern myself with it too much.
The thing for me is that one of the solutions that people suggest (for some of the problems that namesquatting has) is namespacing. And Rust kind of already has that, because it’s already pretty customary to create basically meta-packages with feature-flags to pull in other packages transitively, meaning your users will only need to get one package name right.
Well, and the other thing is that the official package registry isn’t nearly as important in Rust as it is in many other languages, because you can also specify dependencies by providing the URL to the Git repository, with no registry involved. It’s mostly just for visibility that you’d stick something onto the official registry.
I’m working with some Rust right now that is 100% a big mess…
It’s consistently either the Rust or the Docker components that fail to build. In fairness, it’s a VERY big and complex application.
We had to use Nix to build Rust services and make containers of them. It works pretty well, except with Nix 2.29 and 2.30 where it is broken for some reason
If your setup doesn’t make it easier for you, choose a different setup.
docker doesn’t really fail to build unless something upstream fails, like lib builds that don’t have the proper dependencies installed. I’d still count those failures as rust fails 😂
that said, I worked with a kid that was trolling rust package managers hard by squatting on common library names because they refused to resolve the issues of squatting. dick move but clearly educated me on the toxicity of the rust community and why I should avoid it.
In my experience, the Rust community is pretty welcoming. Like, it’s actually a meme that trans women code in Rust for that reason.
just because they are accepting of people based on gender identity doesn’t mean toxicity cannot exist.
terfs are a great example of that.
Sure, but I’m saying in general. I don’t know why you’re so convinced of your position from the one experience you had.
a community that allows squatting to happen and does nothing to resolve the issue is going to be plagued with chaos in the future. it opens an attack vector for supply chain attacks and altogether breeds distrust in the platform entirely.
on the flip-side, a developer that squats on common library names in an attempt to garner support to resolve an issue and is ignored tells me two things;
in my case both of those observations tell me the community at large isn’t mature enough or forward thinking enough to allow me to use it as a solution. it also forces me to assume that the matter of toxic behavior will only continue to fester unchecked within the community.
I guess, that’s an opinion to have then. I interpreted your point about toxicity to mean something different.
I will say that it certainly isn’t the case that no one in the community cares about namesquatting. You can likely find lively discussions around that right now.
But I have to admit that I don’t concern myself with it too much.
The thing for me is that one of the solutions that people suggest (for some of the problems that namesquatting has) is namespacing. And Rust kind of already has that, because it’s already pretty customary to create basically meta-packages with feature-flags to pull in other packages transitively, meaning your users will only need to get one package name right.
Well, and the other thing is that the official package registry isn’t nearly as important in Rust as it is in many other languages, because you can also specify dependencies by providing the URL to the Git repository, with no registry involved. It’s mostly just for visibility that you’d stick something onto the official registry.