Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

A discussion about the destructive results of not storing Cargo.lock files at publish date #3774

Open
colin969 opened this issue Feb 18, 2025 · 2 comments
Open

A discussion about the destructive results of not storing Cargo.lock files at publish date #3774

colin969 opened this issue Feb 18, 2025 · 2 comments

Comments

@colin969
Copy link

This has definitely come up in the past, but I think it's worth at least having a response to it.

To make a bold claim: Rust can no longer be used to develop software for Windows 8.1 and older systems even when using old toolchains and old crate versions.

The lack of consistency for Operating System compatibility within Rust editions, toolchains and minor revisions of crates has forced my hand to drop Windows 7 support for my software. I can take my application that was working fine, add a crate published in 2019, and still have it fail to build because it will pull in nested dependencies which break on Windows 7. It is impossible to continue support for Windows 7 without a complete freeze on any and all dependencies regardless of when they were published and what they would have run on at the time.

I'm not arguing that Cargo.lock files should be used at installation, but the complete lack of one means Rust is slowly becoming a language I can't possibly recommend to someone who wants their software to be built for anything but immediate modern systems. There is no way to use crates to sensibly build new software for older machines, only to rebuild existing software without any changes.

I already had this issue a year ago for Windows XP, pulling in outright ancient versions of crates and ancient toolchains and still getting nested dependencies that are years newer than both so it's impossible to build. Seeing this with Windows 7 recently has been a bit more shocking.

I know there's no way to recover the years worth of discarded lock files and build logs. Docs.rs only stores the most recent build log so we can't even use that. But I'd like to see a solution to this for future published crates before the situation gets any worse, and we inevitably start having this discussion about why Rust can no longer be used to make Windows 10 software.

I originally posted this for discussion on the crates.io repo but was told that it'd be under the domain of this one instead.
@BurntSushi
Copy link
Member

Please provide concrete examples. What have you tried? What specifically goes wrong?

@Lokathor
Copy link
Contributor

So, is your idea that when cargo publish does a test build of the crate before publication, that the Cargo.lock it comes up with for that build is put into the crates.io metadata for that release, allowing specific compatible version combinations to be recorded?

Or do you have some other idea for where the Cargo.lock info would be integrated?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@BurntSushi @colin969 @Lokathor