-
-
Notifications
You must be signed in to change notification settings - Fork 75
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Locking triomphe
is the wrong approach to preserving MSRV
#440
Comments
Thank you for your comment. We know it is not an ideal approach to lock dependency in older versions , but we had no other options.
Locking dependency in older versions may become a problem in the future, but no downstream user has reported yet. Meanwhile, some downstream users already reported problems with a newer version of the same dependency. Anyway. To prevent the potential future problem, I will remove |
Is there any reason why those downstream users can't pin It also seems like this approach of making users pin crate versions themselves isn't foreign to |
No. Anybody can pin
The main purpose to pin Our policy ensures As for |
As I said before, I agree with you that locking
Now it is August 2024 and Rust 1.76.0 is 6 months old. We now have following options:
I will take 2. because After writing my first comment on July 13th, 2024, I did some experiments to take necessary |
Ah, don't worry. I didn't mean to annoy you, but if you need help with integrating the vendored code, I'd be happy to help out. |
I don't think vendoring is the correct decision in any situation. How about talking to upstream about lowering their MSRV and committing your cleanups upstream? |
Seems like their MSRV bump was to make the behaviour more consistent/correct. I'm pretty sure they wouldn't reintroduce those kinds of things (which is a, quote, "longrunning potential soundness issue that got fixed with a new API") "just" to support an around half a year old compiler version. Issue commenting about this: Manishearth/triomphe#93 (comment) |
Okay, so even if this library vendored triomphe with a lower MSRV there would be soundness problems. I personally don't see any issue with the current situation of MSRV 1.76 and using upstream triomphe. |
Thanks for sharing your concerns. When we locked the
Now I do not have time right now, but I am still hoping I will have some time to work on it in coming weekend. So please let me try it. |
Rust will dead code eliminate any features not used, and forking will just mean you no longer get any fixes and maintenance... alongside leading to duplicate code being compiled if someone does bring triomphe in to their dependency tree somehow. This just seems like a very bad idea all around to me. |
Thanks for the detailed analysis of the issue. Currently, I am facing a problem with being able to use moka in the same workspace with swc_* libraries due to the triomphe versioning issue. Any update on #456 that could help here? Thanks. |
Hi. Sorry for the big delay on this issue. #456 is actually ready to merge, but I wanted to run some performance tests to ensure it will not introduce any problems. I will do it this week, and I hope I can release the next version of I had been having health problems since last summer and it made me unable to participate in OSS activities. I had to concentrate on my full time job. In early December, I took a series of tests and the cause of the problem was found. It turned out to be a side effect of a medication I had been taking for a year. I was in the early stage of rhabdomyolysis. My doctor switched me to a different medication and I am feeling much better now. |
OK. I ran the performance tests on #456, and am more confident on my implementation. Just FYI, in #456, I implemented our In last September, I measured compilation time on a real world project, and concluded that the compilation time increase by Also, in
|
Published [email protected] to crates.io. |
The recent release locked the
triomphe
crate version to>=0.1.3, <0.1.12
which kinda works(?) but isn't a good solution.IMO it's fine if, by default, the MSRV breaks if there is a simple way of getting the MSRV to compile (in this case, by adding
=0.1.11
to the manifest of projects that absolutely need the old Rust version).There have been prior examples where a version lock like this has broken compilation for many downstream users, such as with the
*-dalek
crates, wherezeroize
used to be locked (1, 2, 3, 4).MSRV should, in my opinion at least, not block new versions if there is a simple fix to getting that Rust version running.
The text was updated successfully, but these errors were encountered: