HN2new | past | comments | ask | show | jobs | submitlogin

Cargo also has issues when two crates have incompatible dependencies, or at very least you end with the same crate being compiled a couple of times, as the hashes don't match up.

Usually when compiling from source many libraries provide pkg-config configuration files on "make install".



Yes. Rust encourages version pinning. You go to "crates.io", and it gives you a specific version number to put in your "cargo.toml" file. Now you're nailed to that version for your program or crate. Crates have their own "cargo.toml" file, with their own versions, and it's quite possible to pull in multiple versions.

Right now, I'm using the latest version of "reqwest" known to "crates.io." It's pulling in Tokio v0.2.23, not the new tokio v1.0.0. No surprise there, the new version only came out yesterday. So we'll see how the new version works at some time in the future.

It's good to get to version 1. The semantic versioning rules allow breaking changes without changing the first digit when the first digit is 0. Typical complaint on forums: "bignum happens to use rand internally, and it happens to only use version 0.5.0, with restrictions against using a higher version due to breaking changes." Rust still has many low-level crates at version 0.x.x, from "bytes" to "uuid". Reaching 1 indicates greater stability.


> Yes. Rust encourages version pinning.

Rust makes version pinning feasible, e.g. by allowing multiple versions of the same package in a build (not all module systems have this feature!) but doesn't encourage it. You've identified a problem with using 0.x.y-versioned packages as dependencies (which means de-facto opting out of semver), but that's not a problem with Rust specifically; it could occur in any language.


To be clear, the default semantics are ^, not =. So even if you put 1.2.3 in your Cargo.toml, you may get 1.3.0, you just won’t get 2.0.0.


Which might lead to the same outcome anyway as there is nothing that prevents those version numbers to actually mean anything.

It is up to the library authors to uphold its semantics.


But with Cargo it's scoped to the crate you're compiling right? So it only matters if there's a collision in the dependencies of a given project.

Isn't it the case with pkg-config that everything is stored in a central location?

In any case, I think you can't seriously argue that the c/c++ dependency management solution is anywhere close to running `cargo build`/`cargo run` in terms of simplicity.


Yes I surely can, because Conan and vcpkg do exist, and contain all major well known libraries in the C and C++ communities.

Specially the C++ community has seen lack of something like cargo as weaknesses and moved to sort it out.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: