Hi,Disclaimer, I may be misunderstanding how things work, because I only judge it on observations and some comments in threads here and there.
On 11-02-2023 00:43, Adrian Bunk wrote:
I would be curious whether there is any technical reason why most Go libraries are binary-all but most Rust libraries are binary-any. Both choices look reasonable to me, but different ecosystems in Debian seem to have made different decisions in the same situation.
I think go libraries are compiled statically into the other go binary packages, so the whole go world needs to be recompiled for security (or other) issues. IIUC some/most rust libraries are source only, so it's the packages that build with rust that need to be binNMU-able. I have no experience with rust whatsoever, but to me as a bystander, the claim of Jonas does make sense. However, I agree with bunk: deviating from the ecosystem (in Debian) has a price and also I wonder if that price (non-maintainer human resources) might be high even _if_ the solution is superior.
Paul
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature