From: Ezekiel Newren <ezekielnewren@gmail.com>
To: "brian m. carlson" <sandals@crustytoothpaste.net>,
Ezekiel Newren <ezekielnewren@gmail.com>,
Ezekiel Newren via GitGitGadget <gitgitgadget@gmail.com>,
git@vger.kernel.org, Elijah Newren <newren@gmail.com>
Subject: Re: [PATCH 1/7] xdiff: introduce rust
Date: Mon, 28 Jul 2025 13:11:34 -0600 [thread overview]
Message-ID: <CAH=ZcbBNg0Ku0VKvF0HUyksrcZdbT=8Xmk6_kQV0178ROATf8Q@mail.gmail.com> (raw)
In-Reply-To: <aIFauT8M0wRfaZV8@fruit.crustytoothpaste.net>
On Wed, Jul 23, 2025 at 3:57 PM brian m. carlson
<sandals@crustytoothpaste.net> wrote:
>
> On 2025-07-18 at 23:15:19, Ezekiel Newren wrote:
> > This goes against what I think is best practices. Don’t we need
> > Cargo.lock to audit and debug platform specific issues, and to ensure
> > reproducibility? Without Cargo.lock, we might get different results
> > one minute to the next if one of our dependencies releases a new
> > version. Checking in Cargo.lock aligns with Cargo’s documented best
> > practices (https://doc.rust-lang.org/cargo/faq.html#why-have-cargolock-in-version-control).
>
> I appreciate that, but best practices also don't limit software to a
> six-week lifespan. Rust the language is a great tool, but we also have
> a special case here in that we need to support software that upstream
> does not and that we care about OS distros, which upstream does not.
>
> Note that when someone builds locally, a Cargo.lock will be created and
> they will get reproducible builds from that point on. It is only on
> first build that they will get whatever's the latest.
>
> > I understand your concern and I agree that this could become a
> > problem. I’m totally flexible on which rust version should be used,
> > but without Cargo.lock checked in we lose the ability to audit why a
> > build failed. I think that this will be a pain point, but numbing that
> > pain means we can’t solve intermittent problems due to dependencies in
> > the future.
>
> I was one of the maintainers for Git LFS for several years. We
> routinely had people come to us and say, "This dependency you're using
> has a portion that you're not using, which has a CVE. I demand you
> update it and do a new release immediately because our security scanner
> is going off and our company policy is that there be no exceptions."
> This happens literally all the time and I absolutely in no case want to
> see those people on this list or the security list.
>
> So the options as I see them are (a) we don't check in Cargo.lock, (b)
> we convince the Rust project and the ecosystem to provide LTS releases
> with security fixes, or (c) we only accept dependencies that have our
> same lifetime policy (which are very few and far between). I know this
> makes builds unreproducible (although not under the Reproducible Builds
> project's definitions), but we really don't have many alternatives.
> --
> brian m. carlson (they/them)
> Toronto, Ontario, CA
I like having the Cargo.lock file to figure out why a build worked on
one system, but not another. After talking with Elijah I've decided
that a good solution would be to add Cargo.lock to .gitignore and
change the github workflows to ensure that Cargo.lock is preserved for
all builds. We should also add a comment to Cargo.toml stating that
any build or test issues should include the Cargo.lock that was
generated when asking for help. What does the community think of this
solution?
next prev parent reply other threads:[~2025-07-28 19:11 UTC|newest]
Thread overview: 204+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-07-17 20:32 [PATCH 0/7] RFC: Accelerate xdiff and begin its rustification Ezekiel Newren via GitGitGadget
2025-07-17 20:32 ` [PATCH 1/7] xdiff: introduce rust Ezekiel Newren via GitGitGadget
2025-07-17 21:30 ` brian m. carlson
2025-07-17 21:54 ` Junio C Hamano
2025-07-17 22:39 ` Taylor Blau
2025-07-18 23:15 ` Ezekiel Newren
2025-07-23 21:57 ` brian m. carlson
2025-07-23 22:26 ` Junio C Hamano
2025-07-28 19:11 ` Ezekiel Newren [this message]
2025-07-31 22:37 ` brian m. carlson
2025-07-22 22:02 ` Mike Hommey
2025-07-22 23:52 ` brian m. carlson
2025-07-17 22:38 ` Taylor Blau
2025-07-17 20:32 ` [PATCH 2/7] xdiff/xprepare: remove superfluous forward declarations Ezekiel Newren via GitGitGadget
2025-07-17 22:41 ` Taylor Blau
2025-07-17 20:32 ` [PATCH 3/7] xdiff: delete unnecessary fields from xrecord_t and xdfile_t Ezekiel Newren via GitGitGadget
2025-07-17 20:32 ` [PATCH 4/7] xdiff: make fields of xrecord_t Rust friendly Ezekiel Newren via GitGitGadget
2025-07-17 22:46 ` Taylor Blau
2025-07-17 23:13 ` brian m. carlson
2025-07-17 23:37 ` Elijah Newren
2025-07-18 0:23 ` Taylor Blau
2025-07-18 0:21 ` Taylor Blau
2025-07-18 13:35 ` Phillip Wood
2025-07-28 19:34 ` Ezekiel Newren
2025-07-28 19:52 ` Phillip Wood
2025-07-28 20:14 ` Ezekiel Newren
2025-07-31 14:20 ` Phillip Wood
2025-07-31 20:58 ` Ezekiel Newren
2025-08-01 9:14 ` Phillip Wood
2025-07-28 20:53 ` Junio C Hamano
2025-07-28 20:00 ` Collin Funk
2025-07-20 1:39 ` Johannes Schindelin
2025-07-17 20:32 ` [PATCH 5/7] xdiff: separate parsing lines from hashing them Ezekiel Newren via GitGitGadget
2025-07-17 22:59 ` Taylor Blau
2025-07-18 13:34 ` Phillip Wood
2025-07-17 20:32 ` [PATCH 6/7] xdiff: conditionally use Rust's implementation of xxhash Ezekiel Newren via GitGitGadget
2025-07-17 23:29 ` Taylor Blau
2025-07-18 19:00 ` Junio C Hamano
2025-07-31 21:13 ` Ezekiel Newren
2025-08-02 7:53 ` Matthias Aßhauer
2025-07-19 21:53 ` Johannes Schindelin
2025-07-20 10:14 ` Phillip Wood
2025-09-23 9:57 ` gitoxide-compatible licensing of Git's Rust code, was " Johannes Schindelin
2025-09-23 17:48 ` Jeff King
2025-09-24 13:48 ` Phillip Wood
2025-09-25 2:25 ` Jeff King
2025-09-25 5:42 ` Patrick Steinhardt
2025-09-26 10:06 ` Phillip Wood
2025-10-03 3:18 ` Jeff King
2025-10-03 9:51 ` Phillip Wood
2025-10-07 9:11 ` Patrick Steinhardt
2025-11-17 13:37 ` Johannes Schindelin
2025-10-05 5:32 ` Yee Cheng Chin
2025-07-17 20:32 ` [PATCH 7/7] github_workflows: install rust Ezekiel Newren via GitGitGadget
2025-07-17 21:23 ` brian m. carlson
2025-07-18 23:01 ` Ezekiel Newren
2025-07-25 23:56 ` Ben Knoble
2025-07-19 21:54 ` Johannes Schindelin
2025-07-17 21:51 ` [PATCH 0/7] RFC: Accelerate xdiff and begin its rustification brian m. carlson
2025-07-17 22:25 ` Taylor Blau
2025-07-18 0:29 ` brian m. carlson
2025-07-22 12:21 ` Patrick Steinhardt
2025-07-22 15:56 ` Junio C Hamano
2025-07-22 16:03 ` Sam James
2025-07-22 21:37 ` Elijah Newren
2025-07-22 21:55 ` Sam James
2025-07-22 22:08 ` Collin Funk
2025-07-18 9:23 ` Christian Brabandt
2025-07-18 16:26 ` Junio C Hamano
2025-07-19 0:32 ` Elijah Newren
2025-07-18 13:34 ` Phillip Wood
2025-07-18 21:25 ` Eli Schwartz
2025-07-19 0:48 ` Haelwenn (lanodan) Monnier
2025-07-22 12:21 ` Patrick Steinhardt
2025-07-22 14:24 ` Patrick Steinhardt
2025-07-22 15:14 ` Eli Schwartz
2025-07-22 15:56 ` Sam James
2025-07-23 4:32 ` Patrick Steinhardt
2025-07-24 9:01 ` Pierre-Emmanuel Patry
2025-07-24 10:00 ` Patrick Steinhardt
2025-07-28 9:06 ` Pierre-Emmanuel Patry
2025-07-18 14:38 ` Junio C Hamano
2025-07-18 21:56 ` Ezekiel Newren
2025-07-21 10:14 ` Phillip Wood
2025-07-21 18:33 ` Junio C Hamano
2025-07-19 21:53 ` Johannes Schindelin
2025-07-20 8:45 ` Matthias Aßhauer
2025-08-15 1:22 ` [PATCH v2 00/17] " Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 01/17] doc: add a policy for using Rust brian m. carlson via GitGitGadget
2025-08-15 17:03 ` Matthias Aßhauer
2025-08-15 21:31 ` Junio C Hamano
2025-08-16 8:06 ` Matthias Aßhauer
2025-08-19 2:06 ` Ezekiel Newren
2025-08-15 1:22 ` [PATCH v2 02/17] xdiff: introduce rust Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 03/17] xdiff/xprepare: remove superfluous forward declarations Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 04/17] xdiff: delete unnecessary fields from xrecord_t and xdfile_t Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 05/17] xdiff: make fields of xrecord_t Rust friendly Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 06/17] xdiff: separate parsing lines from hashing them Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 07/17] xdiff: conditionally use Rust's implementation of xxhash Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 08/17] github workflows: install rust Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 09/17] Do support Windows again after requiring Rust Johannes Schindelin via GitGitGadget
2025-08-15 17:12 ` Matthias Aßhauer
2025-08-15 21:48 ` Junio C Hamano
2025-08-15 22:11 ` Johannes Schindelin
2025-08-15 23:37 ` Junio C Hamano
2025-08-15 23:37 ` Junio C Hamano
2025-08-16 8:53 ` Matthias Aßhauer
2025-08-17 15:57 ` Junio C Hamano
2025-08-19 2:22 ` Ezekiel Newren
2025-08-15 1:22 ` [PATCH v2 10/17] win+Meson: allow for xdiff to be compiled with MSVC Johannes Schindelin via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 11/17] win+Meson: do allow linking with the Rust-built xdiff Johannes Schindelin via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 12/17] github workflows: define rust versions and targets in the same place Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 13/17] github workflows: upload Cargo.lock Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 14/17] xdiff: implement a white space iterator in Rust Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 15/17] xdiff: create line_hash() and line_equal() Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 16/17] xdiff: optimize case where --ignore-cr-at-eol is the only whitespace flag Ezekiel Newren via GitGitGadget
2025-08-15 1:22 ` [PATCH v2 17/17] xdiff: use rust's version of whitespace processing Ezekiel Newren via GitGitGadget
2025-08-15 15:07 ` [-SPAM-] [PATCH v2 00/17] RFC: Accelerate xdiff and begin its rustification Ramsay Jones
2025-08-19 2:00 ` Elijah Newren
2025-08-24 16:52 ` Patrick Steinhardt
2025-08-18 22:31 ` Junio C Hamano
2025-08-18 23:52 ` Ben Knoble
2025-08-19 1:52 ` Elijah Newren
2025-08-19 9:47 ` Junio C Hamano
2025-08-23 3:55 ` [PATCH v3 00/15] RFC: Cleanup " Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 01/15] doc: add a policy for using Rust brian m. carlson via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 02/15] xdiff: introduce rust Ezekiel Newren via GitGitGadget
2025-08-23 13:43 ` rsbecker
2025-08-23 14:26 ` Kristoffer Haugsbakk
2025-08-23 15:06 ` rsbecker
2025-08-23 18:30 ` Elijah Newren
2025-08-23 19:24 ` brian m. carlson
2025-08-23 20:04 ` rsbecker
2025-08-23 20:36 ` Sam James
2025-08-23 21:17 ` Haelwenn (lanodan) Monnier
2025-08-27 1:57 ` Taylor Blau
2025-08-27 14:39 ` rsbecker
2025-08-27 17:06 ` Junio C Hamano
2025-08-27 17:15 ` rsbecker
2025-08-27 20:12 ` Taylor Blau
2025-08-27 20:22 ` Junio C Hamano
2025-09-02 11:16 ` Patrick Steinhardt
2025-09-02 11:30 ` Sam James
2025-09-02 17:27 ` brian m. carlson
2025-09-02 18:47 ` Sam James
2025-09-03 18:22 ` Collin Funk
2025-09-03 5:40 ` Patrick Steinhardt
2025-09-03 16:22 ` Ramsay Jones
2025-09-03 22:10 ` Junio C Hamano
2025-09-03 22:48 ` Josh Steadmon
2025-09-04 11:10 ` Patrick Steinhardt
2025-09-04 15:45 ` Junio C Hamano
2025-09-05 8:23 ` Patrick Steinhardt
2025-09-04 0:57 ` brian m. carlson
2025-09-04 11:39 ` Patrick Steinhardt
2025-09-04 13:53 ` Sam James
2025-09-05 3:55 ` Elijah Newren
2025-09-04 23:17 ` Ezekiel Newren
2025-09-05 3:54 ` Elijah Newren
2025-09-05 6:50 ` Patrick Steinhardt
2025-09-07 4:10 ` Elijah Newren
2025-09-07 16:09 ` rsbecker
2025-09-08 10:12 ` Phillip Wood
2025-09-08 15:32 ` rsbecker
2025-09-08 15:10 ` Ezekiel Newren
2025-09-08 15:41 ` rsbecker
2025-09-08 15:31 ` Elijah Newren
2025-09-08 15:36 ` rsbecker
2025-09-08 16:13 ` Elijah Newren
2025-09-08 17:01 ` rsbecker
2025-09-08 6:40 ` Patrick Steinhardt
2025-09-05 10:31 ` Phillip Wood
2025-09-05 11:32 ` Sam James
2025-09-05 13:14 ` Phillip Wood
2025-09-05 13:23 ` Patrick Steinhardt
2025-09-05 15:37 ` Junio C Hamano
2025-09-08 6:40 ` Patrick Steinhardt
2025-08-23 14:29 ` Ezekiel Newren
2025-08-23 3:55 ` [PATCH v3 03/15] github workflows: install rust Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 04/15] win+Meson: do allow linking with the Rust-built xdiff Johannes Schindelin via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 05/15] github workflows: upload Cargo.lock Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 06/15] ivec: create a vector type that is interoperable between C and Rust Ezekiel Newren via GitGitGadget
2025-08-23 8:12 ` Kristoffer Haugsbakk
2025-08-23 9:29 ` Ezekiel Newren
2025-08-23 16:14 ` Junio C Hamano
2025-08-23 16:37 ` Ezekiel Newren
2025-08-23 18:05 ` Junio C Hamano
2025-08-23 20:29 ` Ezekiel Newren
2025-08-25 19:16 ` Elijah Newren
2025-08-26 5:40 ` Junio C Hamano
2025-08-24 13:31 ` Ben Knoble
2025-08-25 20:40 ` Ezekiel Newren
2025-08-26 13:30 ` D. Ben Knoble
2025-08-26 18:47 ` Ezekiel Newren
2025-08-26 22:01 ` brian m. carlson
2025-08-23 3:55 ` [PATCH v3 07/15] xdiff/xprepare: remove superfluous forward declarations Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 08/15] xdiff: delete unnecessary fields from xrecord_t and xdfile_t Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 09/15] xdiff: make fields of xrecord_t Rust friendly Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 10/15] xdiff: use one definition for freeing xdfile_t Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 11/15] xdiff: replace chastore with an ivec in xdfile_t Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 12/15] xdiff: delete nrec field from xdfile_t Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 13/15] xdiff: delete recs " Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 14/15] xdiff: make xdfile_t more rust friendly Ezekiel Newren via GitGitGadget
2025-08-23 3:55 ` [PATCH v3 15/15] xdiff: implement xdl_trim_ends() in Rust Ezekiel Newren via GitGitGadget
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAH=ZcbBNg0Ku0VKvF0HUyksrcZdbT=8Xmk6_kQV0178ROATf8Q@mail.gmail.com' \
--to=ezekielnewren@gmail.com \
--cc=git@vger.kernel.org \
--cc=gitgitgadget@gmail.com \
--cc=newren@gmail.com \
--cc=sandals@crustytoothpaste.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).