Le 30/12/2022 à 15:49, Jonas Smedegaard a écrit :
Quoting Sylvestre Ledru (2022-12-30 15:20:45)
FYI, this isn't a mandatory upgrade for sccache. it works fine with the current
version of rust-openssl from the archive
(just like most of the sccache updates)
Thanks, I am aware of that.
But upstream choosing to tighten not only Cargo.lock but also Cargo.toml
can only be interpreted as lack of promise that it will work.
Occationally I initiate dialogues with upstreams challenging the sanity
of such (in my opinion too agressive) push for new libraries, but sadly
my experiences with Rust upstream developers having strong opinions
discourages my patience initiating such conversations.
I would certainly appreciate if you, with your upstream hat on, relaxed
crate dependencies where needlessly tight. I consider that more hlpful
than comments in bugreports like this: Upstream agressive dependency
handling causes busywork downstream, with investigating sanity, and
patching sources, and filing bugreports like this.
Unfortunately for Debian, this is the common way to do rust development
for many upstream projects.
We try to update often to new version of dependencies to identify
quickly potential regressions in the various crates +
dependabot makes this super easy.
Cheers,
Sylvestre