pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: rust - volunteers sought...
On Thursday, May 16th, 2024 at 1:41 PM, Havard Eidnes <he%NetBSD.org@localhost> wrote:
> > > I used to be against the idea of versioning but, I start to
> > > think it might not be such a bad suggestion.
> > >
> > > The major issue I see with this is that a lot of projects tend
> > > to follow Rust upstream to access new features. I already
> > > have two patches to force packages to use 1.76 instead of
> > > 1.77.2
> >
> > Yes, but this is a bug in the rust world, not a bug in pkgsrc. It's
> > basically a consequence of thinking that the combination of a singleton
> > implementation (effectively) and an unstable language spec is ok.
> >
> > We merely have to work around what is wrong with rust - as you are
> > doing. (Not sure why you said "force": do you mean a package that
> > builds with 1.76 and not 1.77.2, or a package that expects new and
> > you've patched it to be ok with older??)
>
>
> If I'm not terribly mistaken, the "insist on rust >= 1.77.2" came
>
> from a recent CVE disclosure which turned out to be a security
> issue only on Windows, ref. CVE-2024-24576.
>
> That had however the effect of several program maintainers
> installing "you must use a rust version without this CVE" into
> their setups.
>
> Regards,
>
> - Håvard
Correct!
Home |
Main Index |
Thread Index |
Old Index