js  

Wait what? One of the most used #Rust libraries ships a BINARY that has been proven to NOT EVEN MATCH THE SOURCE? How can Rust people think this is acceptable?

And here I was thinking that you need to trust their binaries to bootstrap Rust at all was bad, but now it’s also you need to trust the binaries of random developers. Or that I thought it was bad that they tried to infect all modern software using their “Rewrite it in Rust” movement so that you can no longer run it on less common OSes / CPUs (because if you would mention that, they’d just tell you to go fuck yourself, essentially. librsvg, anyone? python-cryptography, anyone?).

I think we have reached the point: Rust needs to die. Not because the language is bad, but because of it’s community. It needs to be ripped out of everything and Rust code needs to be rewritten in something else with a less toxic community.

1+
Xerz 💗  

@js ……honestly I still think the Rust community is among the sanest

which begs the question: do we exterminate humanity :blobcatgooglyheadache:

1+
js  

@xerz Honestly, I am not aware of any other community that is so big on “It works on my machine, fuck you for not using the exact same machine as me, including the binaries on my machine” as Rust.

I also don’t know of ANY other community that goes around and tries to get their language into absolutely every project they can find. And dropping literally HUNDREDS of previously supported OS/CPU combinations for absolutely no reason and tells those people to go fuck themselves.

Yes, I had to throw out hardware thanks to the Rust community!

1
Xerz 💗  
@js I'll still take that any day over Python, JS, Go, Nim, D...
1+
js  

@xerz I’ll take any of those any day over Rust.

Has Python ever tried to force you to throw out hardware before the Rust people put trojanized it?

Has JavaScript ever forced you to use their ecosystem? Or Nim? Or Go? Or D?

No? Exactly!

1
Xerz 💗  

@js personally if I have to choose, I value more caring about people and making things secure than target support… that said it shouldn’t be a matter of choice

1
js  

@xerz Hahahaha, more secure. By FORCING people to use binaries that do not even match the source! If anything, this revealed that Rust never was about security, because nobody in their right mind with who thinks about security for 2 seconds would ever do that, and then even double down on it in the bug report!

1+
Jakub Jirutka 🇪🇺🇺🇦  

@js @xerz Please calm down, this is just about one developer who made a terrible, ignorant and arrogant move. The community strongly protests against it. If he doesn’t rever it, serde will be forked. The community said pretty clearly that this is unacceptable.

BTW, you can find bundled binaries on npm, RubyGems, probably PyPI. And yes, it’s insane.

0
js  

@jakub @xerz Not only probably for PyPI, it even has a format for it: Wheel. Luckily, that can be disabled.

But yeah, maybe having these “everyone can upload a package” repositories as have been established by all the modern languages was a bad idea in general. (Actually, not just maybe.)

1
Elias
Follow

@js @xerz @jakub

I think this discussion boils down to the following two things which people may want:

(1) ability to build everything from source

(2) ability to enforce memory-safety

In my own opinion, (1) is critical, it is what FOSS is all about, while (2) is more a nice-to-have kind of thing. I would never sacrifice (1) to get (2).

People who like Rust sometimes seem to focus on (2) so much that they are willing to throw (1) under the bus. That's not good.

· Web · 0 · 0 · 1
Sign in to participate in the conversation
Librem Social

Librem Social is an opt-in public network. Messages are shared under Creative Commons BY-SA 4.0 license terms. Policy.

Stay safe. Please abide by our code of conduct.

(Source code)

image/svg+xml Librem Chat image/svg+xml