On Mon, Feb 8, 2021 at 9:56 AM Alessandro Barbieri <lssndrbarbi...@gmail.com> wrote: > > Il Lun 8 Feb 2021, 12:19 Michał Górny <mgo...@gentoo.org> ha scritto: >> >> Hi, >> >> FYI the developers of dev-python/cryptography decided that Rust is going >> to be mandatory for 1.5+ versions. It's unlikely that they're going to >> provide LTS support or security fixes for the old versions. >> >> Since cryptography is a very important package in the Python ecosystem, >> and it is an indirect dependency of Portage, this means that we will >> probably have to entirely drop support for architectures that are not >> supported by Rust. >> >> According to upstream platform support information [1], this probably >> means (eventually) entirely removing the following architectures: >> - alpha (stable) >> - hppa (stable) >> - ia64 (stable) >> - m68k (exp) >> - s390 (except for s390x, exp) >> >> Furthermore, the Gentoo Rust packages are missing support >> for the following platforms, apparently supported upstream: >> - mips (exp) >> - ppc (32) (stable) >> - sparc (stable) >> - s390x (exp) >> - riscv (stable) >> >> Apparently it's non-trivial to bootstrap Rust on these platforms, >> so it's unclear when Gentoo is going to start providing Rust on them. >> >> I've raised a protest on the cryptography bug tracker [2] but apparently >> upstream considers Rust's 'memory safety' more important than ability to >> actually use the package. >> >> Honestly, I don't think it likely that Rust will gain support for these >> platforms. This involves a lot of work, starting with writing a new >> LLVM backend and getting it accepted (getting new code into LLVM is very >> hard unless you're doing that on behalf one of the big companies). You >> can imagine how much effort that involves compared to rewriting the new >> code from Cryptography into C. >> >> If we can't convince upstream, I'm afraid we'll either have to drop >> these architectures entirely or fork Cryptography. >> >> >> [1] https://doc.rust-lang.org/nightly/rustc/platform-support.html >> [2] https://github.com/pyca/cryptography/issues/5771 >> >> -- >> Best regards, >> Michał Górny > > > Should we shed tears for those legacy architectures or move forward? Does > anyone really use them in production?
Many users don't use gentoo in 'production' so I'm not sure how that matters in our decision making. I'm not sure the trade off here (taking rust as a core dep) is reasonable and it looks like we can avoid it. -A
