|
|
|
|
|
|
by groovy2shoes
270 days ago
|
|
|
> the rather chaotic and unprofessional (and potentially insecure) nature of the way Cargo project dependencies explode into a hard-to-reason-about mess. this is one of my biggest gripes, too. that alone has been enough to cause me to avoid Rust for projects wherefore it would otherwise be a good fit. you can pull in "one" dependency and find yourself downloading hundreds of gigabytes of zillions of tiny dependencies, sometimes the same one at multiple versions. it's by no means a problem exclusive to Rust, but that's no excuse. it's been a while, but my other major gripe was the way so many crates would require the nightly. the rust devs have done a good job maintaining backward compatibility between stable releases, but afaik there isn't any guarantee regarding the nightly. keeping up with the nightly is infeasible when each compiler release and all your dependencies needs to be vetted by your security team. i also long found myself disappointed by the lack of a real specification, but that one is relatively minor. less of a frustration. |
|
|
You'll be swimming up against the stream. But arguably it makes sense for certain kinds of projects. I'd classify OS kernel and DB internals development as being those kinds of projects, TBH. Keep your dependency set extremely minimal, vendor it, and avoid crates.io entirely.
I don't actually run into nightly requirements... ever? These days.
Progress on language specification is good https://github.com/rust-lang/fls