Discussion about MSRV of the libc crate raises the question of what actually is Rust's policy for support of old Rust versions.
-
Can the Rust project have a clear minimum supported Rust version, including explicit guidance for Linux distributions and crates-io crate publishers?
-
If Linux distros aren't packaging Rust quickly enough, can the Rust project work around it? For example, provide official up-to-date packages for mainstream Linux distros, or convince Linux distros to package only
rustup
, and notrustc
andcargo
.
The current MSRV situtation is all over the place:
-
Rust releases have a 6-week cycle, and AFAIK this technically makes every compiler older than 6 weeks obsolete and unsupported. But I haven't seen any clear messaging from the Rust project stating so and discouraging people from using a compiler older than 6 weeks.
-
In the crates-io ecosystem people choose which Rust version they support, which varies, and there isn't a universal agreement how far support should go, or whether MSRV change is a breaking change. Some projects support only the latest stable, many projects are compatible with a few previous Rust releases (either as a matter of policy or just by chance), and there are some projects that make effort to support very old Rust versions.
-
Linux distros range from "LTS" types that freeze Rust versions so old that they're unusable with a majority of crates-io crates, to more frequently updating and "rolling" distros that try to keep up with Rust, within constraints of their own release schedule. Is a distro with a 6-month-old Rust acceptable, or are they shipping versions past their expiration date?
The problems are:
-
Debian. I don't think Debian's policies can be reconciled with Rust's. Can Debian be convinced to make an exception for Rust? Can Rust work around Debian?
-
There are people (and by extension companies they set policies for) who have "over my dead body" reaction to
curl | sh
installation method ofrustup
. Whether that's a justified security policy or an irrational superstition, it's non-negotiable either way. These users want some kind of a "proper" package, and typically prefer to get it from their chosen distro. -
New users coming from a very slow-moving C don't expect to be updating the compiler often, and expect projects to wait years before using any new compiler features. Such habits and expectations set them up for an awful experience with the crates-io ecosystem, and they typically misattribute that to Rust being "unstable" and "changing things too often". I don't think Rust should change its release frequency, but I'd love to find a solution to onboard such users smoothly.
-
crates-io is not optional for Rust projects in practice. Telling Linux distros to package/fork crates (90K of them!?) is not a serious solution. Leaving manual dependency downgrades to users creates an unpleasant experience.
-
Support for dependency resolution using
rust-version
field (or other similar features) would help decoupling MSRV of crates-io and Linux distros, but it's not a silver bullet:-
the question which Rust versions are supported remains, because crates may need to release security fixes, and users of older compilers won't like being left with vulnerable crates, even if they compile.
-
any improvements made in
cargo
/rustc
, even if they were released tomorrow, will still take some time to reach all distros, so there's still a question if/how to support all the Rust versions already released.
-