mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
The original server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

383K
active users

“every rust project has a billion dependencies”

oh no they made code composable oh nooooooo should we call someone??

rust has a lot of problems, but let me tell you: “micro libraries” isn’t one

splitting packages per concern is good for build performance, it’s good for review, it’s good for API evolution.

the problems are technical (compiler perf), financial (funding OSS), human etc.

@fasterthanlime while micro-libraries still irk me a bit, my issues with them are not really anything i actually worry about

the major issue with the rust ecosystem is the lack of integration with the rest of the system: vendoring every dependency, no easy way to update them without patching the lockfiles of every package a distro may ship, static linking only, randomly building vendored and possibly outdated c libraries inside build.rs (one of the worst ones), etc
@tedmielczarek @fasterthanlime disagree, specially for distros

but even if you drop the static link point on my post, everything else is way more problematic, vendoring and lockfiles, building random c libs in build.rs

@navi @fasterthanlime I fully agree that build.rs is a nightmare. Everything else you describe is the standard tension between project developers and distro maintainers that is as old as time. 🙂

@tedmielczarek 1.80 releases, breaks the time crate, we at gentoo now have to hunt every rust package that uses directly (or indirectly via a library) and patch the lockfile to use the new version of time

if this was c, c++, or python, or similar, we'd bump the time crate package and maybe trigger a reverse-dep builld, that's it

but rust, (and go and nodejs stuff too, to be fair) require manual patching to bump a dependency, it's kinda really sad and a bit ridiculous imo

@navi I hear you. All I can say is that the needs of software developers and distro maintainers have long been in conflict, and I don't think there are easy answers that make everyone happy.

@navi @tedmielczarek And that's with time being merely broken, not something like a security issue in a widely used crate (and pretty sure so far most distros just ignore this when Rust is involved).