There's time until March for the maintainers of the 3 niche architectures to organize and make rust available for them. Doesn't sound that abrupt to me

[–] Treczoks@lemmy.world 41 points 4 days ago (1 children)

For small niches, six months can be rather aprupt.

[–] SlartyBartFast@sh.itjust.works 20 points 4 days ago

My niche can take 5 days or 5 months, depending on ADHD

[–] pelya@lemmy.world 1 points 4 days ago (1 children)

Wasn't there a Rust-to-C compiler that would circumvent this limitation?

[–] LeFantome@programming.dev 4 points 3 days ago

Yes. There is also a GCC front-end for Rust (does not go to C first).

[–] LeFantome@programming.dev 5 points 3 days ago

The timeline is not super abrupt, especially for architectures where all he is asking is to ensure that your Rust toolchain is in order. That is especially true when you consider that Rust is already well maintained on all the Debian architectures that people actually use.

The abruptness (almost rudeness) is in the second part where he basically says that, if you cannot get Rust going in time, you should just stop releasing Debian for that architecture.

It is mostly just poorly worded though. Because none of these architectures have “official” support even now. This will not be the only way they are behind. So, there is not reason to be so dramatic.

And that would be my response to him. Another option here is that these alternative architectures just continue to ship an older version of APT for now. Emergency avoided. Few of them ship with up-to-date versions of APT even now.

Another solution is to use one of the multiple projects that is working to make Rust code build with the GCC compiler back-end. At least one of these projects has already announced that they want to work with these Debian variants to ensure that APT builds with them.

So, the 6 month timeline is a reasonable impetus to make that happen which would be quite a good thing beyond just APT.

There are many other useful tools written in Rust you are going to want to use on these architectures. It will be a fantastic outcome if this pressure from APT kickstarts that happening for some of these long abandoned architectures (by the mainstream at least).

[–] ZoteTheMighty@lemmy.zip 8 points 4 days ago* (last edited 4 days ago) (1 children)

For package maintainers, it's reasonable to expect security updates are rolled out the same week that a vulnerability is found. If you can't deploy a new version of a package in 6 months, not maintaining the package is also a valid option.

[–] WhyJiffie@sh.itjust.works 1 points 3 days ago* (last edited 3 days ago)

but this is not a vulnerability, but adding a cpu architecture to a programming language

[–] iloveDigit@piefed.social 9 points 4 days ago* (last edited 4 days ago) (3 children)

Rust adds another layer of trusting the compiler isn't backdoored. All UNIX/Linux systems use the gcc toolchain, so having it written in C would mean less dependencies for the OS.

paraphrased from someone who seemed to know more about this stuff in this unrelated discussion yesterday

Strange times.

[–] aubeynarf@lemmynsfw.com 33 points 4 days ago* (last edited 4 days ago) (28 children)

how many compiler back doors have we seen versus use-after-free/stack overflow attacks?

The anti-Rust crowd baffles me. Maybe C++ has rotted their brain to the point they can’t “get” the borrow checker.

My only complaint is that its syntax is an ugly mishmash. Should have copied scala or f#

[+] Shanmugha@lemmy.world -24 points 4 days ago (1 children)

More like Rust has rotted someone's brain. "Hey, I can't code safely, so I will use this new toy that is supposed to make me". This line of thought is OK as long as it does not get imposed on anything I do as a programmer

[–] LeFantome@programming.dev 6 points 3 days ago* (last edited 3 days ago) (1 children)

The industry cannot code safely. There are many reports, studies, and corporate disclosures highlighting that memory related bugs are the primary source of critical security issues in C and C++ code. That is why even NIH companies like Google and Microsoft are adopting Rust in their core products.

That you want to publicly ignore all that evidence to paint it as an individual skill issue does not come across as competent or intelligent. Few of us are going to assume your code is free of these kinds of bugs.

The fact that your have to say it so dismissively makes me think that you know it too.

[–] Shanmugha@lemmy.world -2 points 3 days ago

Things are much simpler:

Want a bug free code - do bug free code. Spend time carefully evaluating every line and interaction
Want third-party code and safety - examine that code in the same way
Whatever you do, assume there is a bug in any software you use, so plan and organize accordingly
No amount of magic pills can substitute the above. So yeah, it is a skill issue. Also an issue of kids wining that there are bugs and they don't feel safe, so they want to cling to magic pills instead of dealing with the reality

load more comments (26 replies)

[–] eah@programming.dev 12 points 4 days ago

There's an ongoing effort to get gcc to compile Rust.^[https://lwn.net/Articles/907405/]

[–] vk6flab@lemmy.radio 7 points 4 days ago

This seems relevant:

https://youtu.be/Fu3laL5VYdM

load more comments (1 replies)