
Re: Understanding what's missing for Rust dynamic linking (was: Proposal for how to deal with Go/Rust/etc security bugs)



On Thu, 25 Jan 2024 at 18:22, Gard Spreemann <gspr@nonempty.org> wrote:
>
> Hello.
>
> Paul Wise <pabs@debian.org> writes:
>
> > On Thu, 2024-01-25 at 00:24 +0000, Wookey wrote:
> >
> >> People keep telling us (@ARM) how marvellous Rust is, and we keep
> >> telling them that it's useless in the real world until it sorts out
> >> the stable ABI/dynamic linking problem.
> >
> > IIRC that has been worked on for some years now, and IIRC
> > the static linking wiki page has some references about this.
> >
> > https://wiki.debian.org/StaticLinking
>
> This reminded me that I'm not even sure that I fully understand what
> Rust's remaining technical obstacles to achieving dynamic linking (at
> least within Debian) are. I'm ignoring the potential cultural or
> political issues that have been alluded to by others. My understanding –
> and please do correct me! – has been that three components are missing:
>
> (1) A stable ABI.
<...>
> From Debian's perspective, is really (1) all that important given that a
> stable release only has to deal with a specific version of the compiler?
> Could we not live with every new version of *just* rustc in sid
> introducing a transition with a rebuild of every Rust package?

A security bug in the standard library would require rebuilding and
shipping the universe, so yeah I'm pretty sure it's quite fundamental.

