Hi Michał,

Michał Górny <mgo...@gentoo.org> writes:

> So it seems that upstream has practically closed the discussion,
> and the short summary is that they only care for the 'majority' of
> users, they don't care for minor platforms (but we're free to port
> LLVM/Rust to them) and -- unsurprisingly -- this is a part of crusade
> towards promoting Rust.
>
> Given the aggressive opinions of a number of Python core devs
> participating in the discussion, I'm afraid that it is quite probable
> that a future version of CPython may require Rust.  In fact, they've
> already started having knee-jerk reactions to the problem at hand [1]. 
> To be honest, I've never thought I'd be this disappointed in Python
> upstream.
>
> Good news is that they've promised to keep a LTS branch with security
> fixes to the non-Rust version.  Until end-of-year.  And they've pretty
> aggressively stated that they won't fix anything except security bugs
> with a CVE assigned.  So if it stops building for whatever reason, we're
> on our own.
>
> I've reached out to Debian and they're planning to remove support for
> minor architectures for this package in the next release.  However,
> Python is not as central to them as it is to us.  Alpine is also
> affected but seems intent on pushing Rust forward, so they'll probably
> drop these architectures as well.
>
> Mike's submitted a PR to remove (unnecessary) cryptography dep from our
> urllib3/requests packages [2].  This should make it possible to avoid
> cryptography at least on some systems.  However, it is still an indirect
> test dependency of these packages, so we're going to have a hard time
> keeping them properly tested.
>
> At this point, I'm really depressed about this and I'm seriously
> wondering why I'm wasting so much effort on open source.  I don't see
> a good way out of it.  Rust could be a nice language -- but it won't if
> it continues to be surround by arrogant zealots who want to destroy
> everything in their path towards promoting it.
>
> The first big blocker we're going to hit is trustme [3] package that
> relies on cryptography API pretty heavily to generate TLS certs for
> testing.  If we managed to convince upstream to support an alternate
> crypto backend, we'd be able to retain minor keywords a lot of packages
> without too much pain.

I could feel the pain.  

Bootstraping Rust on Prefix is somewhere between alpha, hppa, ia64,
m68k, s390 and amd64[1].  The problem was exposed by
gnome-base/librsvg[2].

I am wondering how useable pkgcore is on alpha, hppa, etc.  Maybe it's
time for us to plan for a Gentoo without essential Python dependency.

Looking forward to gcc-rust for saving the world in the end.

Benda

1. https://bugs.gentoo.org/689160
2. https://bugs.gentoo.org/739574

Reply via email to