The big event this time was that @KodrAus finished the walkdir
evaluation, and it went really well. He filed a bunch of very
well-documented issues that are all still open and want to be
closed.
The error-chain evaluation is open too and in need of help
completing the guidelines checklist and brainstorming ideas for
cookbook recipes. There’s also a fair bit of discussion on that thread
about the error-chain design. If you have opinions don’t hesitate to
jump in.
Coming up we’ll expect @burntsushi to get the gcc evaluation started
soon, and for me to schedule out the next few crates after that.
I also hope to start a push for getting actual 1.0 crates released,
and to motivate that with a “1.0 achievements” thread of some kind,
where any crate author can post their crate that meets some
qualifications to the best of their determination.
It was another really productive week. Thanks to everybody who chipped
in!
That leaves 3 more slots for us to fill to fulfill our scheduled 16 crates for the year. I am not sure yet what will happen schedule-wise after that, but probably the focus will be on actually getting those 1.0 version bumps so we have something to show for ourselves at the end of the year. I think though that we will probably maintain some kind of steady schedule. We’ll see.
In the meantime, I’m also looking at more crates for the “out-of-band” crate selection, that is crates we can run evaluations on at any time, but that the libs team is not going to conduct an entire meeting about. I’ll fill out that list a bit, and contact authors to get consent to review their crates.
To account for our accomplishments at the end of the year, I’ve put together a spreadsheet tracking the contributions to both crates and the cookbook, by individual contributor. Note the pivot table sheets that sum up contributions.
So far it counts fixes to 99 crate issues, and 32 cookbook recipes. That’s pretty great!
OK, I’ve taken the bold step of scheduling rand for 7/25 (which means we have to kick-start that evaluation next week).
I’m going to suggest that our disposition here with rand should be to polish it and release 1.0, limiting ambitious design changes. rand has been the subject of a lot of criticism over the years, and has suffered from not having a dedicated maintainer, but rand is also the best way we have to get random numbers today, and it’s just fine at that. There’s going to be a strong temptation to not settle on good enough, and demand a complete redesign, but the fact is that has not happened in the years people have been wanting it. There’s plenty we can do to improve the crate we actually have, and we should do that.
So let’s do a thorough review, and be cognizant of scoping the resultant work to what we can reasonably accomplish now, and what we can accomplish later.
Perhaps getting out a limited-ambition rand 1.0 will inspire someone to come along and design a better rand, and that can become rand 2.0, or it will deprecate rand. Let’s give it a shot and see what happens.
We need somebody to lead this evaluation. Anybody interested?
cc @bstrie I know you’ve talked about working on rand recently.
I’ve also triaged the list of “out-of-band” evaluations for crates
that are ready to be evaluated. They are updated in the op and also
listed here along with their maintainers.
These are important crates that for whatever reason the libs team is
unlikely to dedicate one of their meetings to. But they still deserve
the same polish and review that we pride ourselves on.
This list is composed of crates who’s authors have already assented
to having their crates scrutinized as part of the libz blitz. I am
additionally contacting the authors of a few others crates.
Volunteers are needed to lead these evaluations. If you are
interested say so on this thread.
The process for leading an evaluation is roughly:
Add the crate to the OP of this thread, either to 'crate schedule’
if it’s going to a libs team meeting, or to ‘other crate evaluations’,
for ‘out-of-band’ crate evalautions (like these).
Open an internals thread using the evaluation template,
following the example of previous evaluations. Convert the op to a
wiki with the wrench icon in the bottom right set of options.
Open an issue against rust-cookbook to brainstorm examples.
Copy the API guidelines checklist to an etherad, linked from
the evaluation op.
Encourage contributors to fill out sections of the guidelines
checklist, to make free-form observations on thread, and suggest
cookbook examples.
As guidelines are completed, make notes in the op about potential
issues to file against the crate once the evaluation is complete,
and matters that need more discussion.
Work with the crate author to note pre-existing issues that block a
1.0 release.
After a few weeks, organize the issues and discussion points. Work
with the author and community to agree on a set of resolutions and
file them as issues on the crate repository, linked to a single
tracking issue. Follow existing examples.
Periodically follow up on the cookbook and crate tracking issues
to help drive them to completion.
Hm, this might sound like a big task, and it kinda is, but it’s
important work, and so far has resulted in valuable improvements
and contributions.
@briansmith ring is indeed a great crate, and it's on the candidate list. I'm glad to hear you are confident that its random number facilities are the best in the ecosystem. It's been on my shortlist of crates the libs team might want to schedule soon.
Are you interested in having the community / libs team evaluate it as part of the libz blitz sometime?
I think it would make more sense to stabilize a new version of rand with a much simpler API like ring’s and the implementation details from ring (e.g. the feature flag to turn off the fallback to /dev/urandom for facilitating sandboxing that blocks file I/O syscalls).
There are lots of things that you could do in libstd that could be done in Rust, which currently require C/asm in ring because of the lack of stable (proper) access to syscalls and RDRAND/RDSEED in stable Rust, which is what ring targets.
In other words, I’m not proposing that ring be the replacement for rand, but rand’s API should be fixed to be closer to ring’s than its current API.
1.0 is partly marketing and partly about some kind of commitment to a stable API.
As far as marketing goes, I’ve debated releasing 1.0, 2.0, 3.0, etc. instead of 0.6, 0.7, 0.8, etc. but it doesn’t matter enough for me to bother with.
As far as the API stability goes, I know there will be more breaking changes (e.g. the AEAD API) this summer (I hope) but I’ve not considered trying to finalize any part of the API. Especially there are some parts of the API that would change if/when things like const fn and statics in constant position (e.g. x: [u8 ; ring::digest::SHA256::output_len];) were/are added to the language.
Regarding some things that are in the API guidelines, like the capitalization requirements for SHA256 vs Sha256, I’d like to see some evidence showing that those things actually have a significant positive difference vs. being over- or wrongly- specified before I make changes like that.
Awesome. It's yours! You can just run it in the same way as the previous one.
This week I am at a Mozilla all-hands and won't have much time to devote directly to this, but next I'll make sure we get some more evaluations underway.
I thought it was still worth time-boxing the evaluation component even though there isn’t a libs meeting. I gave it 2 weeks from today, but am happy to change or remove that.