[Bug 1964098] Re: [FFe] Versioned packages for Rust toolchain

Seth Arnold 1964098 at bugs.launchpad.net
Tue Mar 15 01:26:04 UTC 2022 

I can really appreciate the appeal of a "do nothing today" solution but
I'm worried about how much work, and unknown surprises, await us on our
*first* update in the future.

At some point, we'll have a security issue in a rust program that can
only be solved in coordination with a toolchain update, and we'll need
to learn what needs to be done, what parts need updating, etc, while
under duress.

Will our unfamiliarity with this process provide us with an
insurmountable stumbling block in the future, one that risks our users
or our reputation?

Thanks

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rustc in Ubuntu.
https://bugs.launchpad.net/bugs/1964098

Title:
  [FFe] Versioned packages for Rust toolchain

Status in rustc package in Ubuntu:
  Invalid

Bug description:
  Hi,

  In the rustc MIR at
  https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1957932 it was proposed
  that the Rust toolchain start using versioned source packages to allow multiple
  versions in the archive at the same time. The issue was discussed in-person
  during the recent sprint, and consensus was that this would be a good idea
  going forward to minimize the risks associated with updating the toolchain in
  stable releases, which as before will be necessary for Firefox support.

  However, the question arises of what to do with the current src:rustc package
  in Jammy. I see two paths forward:

  1/ We could rename src:rustc into rustc-1.58, adding the proper suffixes to its
  binaries, and introduce a new src:rustc-defaults package setting up symlinks to
  the new rust*-1.58 binaries. This would be needed if we'd expect the whole Rust
  ecosystem to move on to the newer toolchains as they are uploaded to the LTS.
  Similar work would probably be needed for src:cargo.
  I'm assuming this would require an FFe, as the potential for breakage in the archive
  seems quite high.

  2/ We could do *nothing*. We'd need to update the packaging of Firefox to deal
  with versioned binaries for rustc and cargo when the time comes, and the rest
  of the Rust ecosystem in the archive would remain tied to the 1.58.1 version of
  rustc. The (other?) downside is the lack of consistency within the Jammy
  release, where we'll have one version of rustc that's not explicitly versioned.

  Writing this all down makes me lean more towards 2/ as the proper solution
  here. However, I think this should be discussed in the open, and would benefit
  from the Release Team's input.

  TIA!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rustc/+bug/1964098/+subscriptions

More information about the foundations-bugs mailing list