Hacker News new | ask | show | jobs
by weird_trousers 222 days ago
I don't agree with some points, but I share the feeling in terms of "failed promises".

The fact that most well-known Rust crates are becoming huge bloat are becoming a problem to me, which is something that has been critized years again by the community itself.

As an example, I still do not understand why simple HTTP crates require more than 50 to 70 dependencies to execute a simple GET call...
4 comments
aw1621107 222 days ago
> As an example, I still do not understand why simple HTTP crates require more than 50 to 70 dependencies to execute a simple GET call...

Looking at ureq [0], for example, its direct non-build/non-dev dependencies are (counting duplicates):

- base64

- flate2 (4 transitive dependencies)

- log

- percent-encoding

- rustls (26 transitive dependencies)

- rustls-pki-types (1 transitive dependency)

- ureq-proto (7 transitive dependencies)

- utf-8

- webpki-roots (2 transitive dependencies)

The vast majority of the raw dependency count comes from Rustls and related crates, and I'd imagine reimplementing a TLS stack would be somewhat out of scope for an HTTP crate. I'm not sure there's much room for substantial reductions in dependency count otherwise.

[0]: https://github.com/algesten/ureq

link
escobar_west 222 days ago
So let me get this straight. You want the benefit of being able to re-use other peoples' codebase by using an HTTP crate you didn't write. But you don't want those people to also use that benefit of depending on other crates.

Insisting that you should depend on code which itself has no dependencies is a bit hypocritical if you ask me. If you want a simple HTTP crate that doesn't have dependencies, you should follow your own philosophy of not using other crates and write it yourself.

link
vacuity 221 days ago
I think this is rather hostile. There is moderation from not using dependencies or from using too many dependencies. I don't think GP is advocating for no dependencies, either. Even vendoring and pinning dependencies provides benefits.
link
escobar_west 220 days ago
I think it's the perfect amount of hostility. People shouldn't complain about things given to them for free built by amateurs in their spare time. Including fewer dependencies adds more time to developer's effort. Including packages into std requires more work from the Rust team (mostly volunteers). If top comment isn't satisfied with the stuff given to them for free, they can make their own software.
link
MisterTea 222 days ago
> As an example, I still do not understand why simple HTTP crates require more than 50 to 70 dependencies to execute a simple GET call...

This is what you get with package managers.

link
nixpulvis 222 days ago
I think it's clear to me that Rust needs to start admitting more into the STD to help with this and increase the consistency across the ecosystem.
link
Ygg2 222 days ago
This has happened already. See https://doc.rust-lang.org/std/cell/struct.LazyCell.html

It's just it's not frequent.

There is very few things that need to be in the standard library. I only ever miss chrono or equivalent not being in std.

link
nixpulvis 222 days ago
Time functions are a prefect example of somewhere there should be expanded support for in the STD. I'm also of the opinion that there should be a generic and reasonable async runtime in STD, since having `async` in the language, but to direct way to use it without a crate or writing your own executor is awkward.

Then there are things like serialization and logging, which I like the idea of having promoted crates which are essentially just better advertised for newcomers. (Maybe included in the distribution already in some way).

link
burntsushi 222 days ago
If Chrono were in std, that would have been a disaster IMO.
link
Ygg2 222 days ago
Not exactly chrono crate (to quote "chrono or equivalent"). More like Java's version of chrono.
link
burntsushi 222 days ago
But what if we did that 5 years ago? Oops. And even Java's API has problems too. Why not let it be provide by the ecosystem where it can qctually evolve?
link
Ygg2 222 days ago
What problems does Java JSR 310 have (old Java time yes, but those are known issues)? As far as I have used it, it was damn near perfect.
link
vacuity 222 days ago
No, I think the idea of blessing a set of crates (with versions!) is better. The stdlib has a high burden of maintenance, and ideally should only be added to if changes are always backwards compatible. A blessed set is more flexible but still provides a high degree of reliability, unlike the present situation.
link
steveklabnik 222 days ago
This has been tried a few times, and in practice, people prefer the current status quo.
link
vacuity 222 days ago
I'm not aware of the attempts, but at least the route of adding more to the stdlib seems even worse, although it may be popular.
link
steveklabnik 222 days ago
Oh yeah, I would agree with that for sure.
link