[rust-dev] Deprecating rustpkg

Lee Braiden leebraid at gmail.com
Fri Jan 31 16:03:17 PST 2014


On 31/01/14 23:03, Tony Arcieri wrote:
> Can anyone point to a real-world example of a dependency resolver 
> which can produce solutions which may-or-may-not contain multiple 
> versions of the same library?

This would be counterproductive.  If a library cannot be upgraded to 
1.9, or even 2.2, because some app REQUIRES 1.4, then that causes 
SERIOUS, SECURITY issues.

The ONLY realistic way I can see to solve this, is to have all higher 
version numbers of the same package be backwards compatible, and have 
incompatible packages be DIFFERENT packages, as I mentioned before.

Really, there is a contract here: an API contract.  To break 
compatibility is to break that contract.  This is a bug, and shouldn't 
happen.  If you want to make something incompatible, you simply 
shouldn't call it the same name as the thing it's incompatible with.  No 
more than you should sell a knife as a bottle-opener.  They do not 
fulfill the same contract, and to say they do is false advertising.

-- 
Lee



More information about the Rust-dev mailing list