Recently I decided to try Rust at work as well, after using it a little as a hobby, just to replace a basic shell script with it at first. While reliability, ergonomics, and other positive sides either do not beat Haskell (which I use for most programs, except for a few small shell scripts or [PL/pg]SQL functions) or it does not matter here, I similarly ran into that "immature ecosystem" issue: apparently people are still supposed to run a nightly build or rustup, but not a compiler from stable system's repositories, let alone libraries. It was that way when Rust was really new, which was understandable, but it is odd to run into that now, and also as the article mentions, even with basic libraries: I ended up using eprintln! instead of a logging library (fortunately used it with systemd, which picks up stderr output, and did not really need to set syslog levels or additional fields), env.args instead of an argument parsing library.
Mostly agreed with the conclusion, too: the language still looks good, especially as a C alternative, and hopefully it will be usable in a more stable setting. Gradually trying it out does not feel like a pivotal decision though, that sounds overly dramatic.
Using Rust without using the features provided by Cargo is akin to buying an electric car and asking for all the electronics to be removed.
Rust libraries will never be shipped by your distro’s package manager. Maybe a few exceptions for things that also have C bindings, but it will never be the default.
Many Rust libraries are shipped by distro package mangers, right now. But in general, those packages are intended to be used to build the Rust programs that are packaged in the distro, and not for general use. So it is going to be a painful way to try to write programs using Rust's ecosystem, as it is with basically every other non-C or C++ language.
It’s painful with c and c++ as well, the tool chain/libraries a distributor provides are almost never the ones you want to develop with as they are often ancient
> I similarly ran into that "immature ecosystem" issue: apparently people are still supposed to run a nightly build or rustup, but not a compiler from stable system's repositories, let alone libraries.
What languages/ecosystems is this not the case? Even with C/C++ you probably shouldn't be relying on your distro's package management for library and toolchain support.
Also, you do not need nightly unless there is some very shiny and new feature that you need that isn't on stable yet.
With C, I comfortably rely on the distribution's package management, even though it is not a rolling release or anything of that sort (Debian stable). Actually not sure how that would be the case with C, if one does not try to make things incompatible intentionally: the language and the major libraries' APIs are pretty stable there.
With Haskell (used for most tasks at work) I get the tools (GHC and Cabal) and most of the dependencies from Debian stable repositories, though loading missing ones from Hackage (but slowly moving towards not relying on Hackage at all). And keeping sources compatible with package versions from Debian repositories from version 9 to 12 (4 major versions, 6 years apart). With shell scripts, sticking to POSIX; with SQL ones, avoiding extensions and also doing fine.
We have very different experiences, I haven't worked on a production C/C++ project in the last decade that didn't vendor dependencies somehow. Debian stable is especially unreliable. In fact I can't think of a time I haven't had issues when working on a team greater than 1 or shipping builds because distro packaged libraries aren't reliable.
Also, why is it immature for Rust to ship a toolchain and package manager through a sidechannel, but not Haskell?
> why is it immature for Rust to ship a toolchain and package manager through a sidechannel, but not Haskell?
Haskell also feels less mature to me than C, with fewer POSIX functions being readily available, but as mentioned above, with Haskell (in my experience; the experiences indeed seem to differ) it is "one or two dependencies have to be pulled from Hackage across multiple projects and system versions", while in Rust it is rather "I failed to pull common logging and argument parsing dependencies on a single up-to-date stable system, and apparently one is supposed to install and update its compiler, package manager, and libraries separately from the rest of the system". Though some use ghcup or Stack, which also aim working without a system package manager, but at least a system package manager is a viable option.
You didn't have an up to date system if you use Debian stable. They do not keep their packages up to date.
It just seems weird to blame Rust for a problem you had with your package manager, when every modern ecosystem I can think of eschews distro package managers because of these problems.
This appears to highlight differences in our perspectives: while working with (and supporting software for) 4 most recent major Debian releases, the latest stable one feels like a fresh one to me, especially if it is updated to the latest available package versions (and minor release). The packages are not supposed to be cutting edge there, but "stable".
I also don't mean to blame Rust's ecosystem (let alone the language itself) in the sense of complaining about it, though talking about this feels that way, and I thought it might be useful to clarify: it appears to aim less "stable" and more "cutting edge" (or "experimental") versions and practices than "stable" system distributions do, and than more mature ecosystems tend to do. Likewise, I wouldn't call having a slightly older compiler version in system repositories a problem with package manager: this is a useful approach for getting a stable system, relatively well-tested and with predictable changes. Not every system has to be this way, but in some cases it is useful, some people (myself included) generally prefer those. And unfortunately those fail to play together smoothly at the moment, but I view it as an issue arising between those and their approaches, not as a problem of one of those.
Let me ask a more foundational question then, what is the virtue of a "stable" system?
In my mind, it's that updating a dependency doesn't break existing installations, or knowing that an existing install isn't going to get borked by an update.
And this is not something that is applicable to ecosystems like Rust, where it's not really possible to break a Rust program because another Rust program needs a newer version of the same dependency that happens to be incompatible with the older version. In fact, you can compile one Rust program that links against multiple versions of the same dependency at incompatible versions without issue.
So the entire notion of the Debian model of package management doesn't really apply to Rust, and there's not any benefit to keeping an older version of the toolchain around. There are only negatives.
And Rust has strong stability guarantees. A newer toolchain will not break compiles of older code. Nor will Cargo's cache break compiles with an existing lockfile because another package needed different incompatible versions of the same dependency. It's designed to be stable from first principles, in a way that C and C++ builds are not.
This is kind of why you're only going to have a bad time if you want to use the system package manager to manage your Rust packages. It's not built for the same problem domain, and over constrained for the design space.
> Let me ask a more foundational question then, what is the virtue of a "stable" system?
Not introducing breaking changes too often (so that you have to adjust configuration and custom software relatively infrequently), while applying security patches and other bugfixes, and being well-tested to work together are the first ones I think of. With "breaking changes" including changes to configuration, file formats, command-line interfaces, notable behavior, as well as library interfaces. Well, I think it mostly amounts to "knowing that an existing install isn't going to get borked by an update".
Supporting multiple dependency versions and stability guarantees indeed must help with avoidance of breaking changes in libraries, assuming the latest compiler version (or a dependency restriction: either compatible packages in system repositories or if there was such dependency resolution in Cargo), though probably not so much with fixes (I imagine there is less motivation to maintain stable branches and apply fixes to those then) and with integration testing. Besides, not all software is written in Rust: other packages and ecosystems must be taken into account as well. Likely more varied ecosystems can be handled more smoothly with NixOS or GuixSD, but I am not risking to use them on anything that should be reliable yet (maybe it is the time to look into those again though). But this kind of poor compatibility with stable systems does not seem necessary, especially for a language that is supposedly a safer alternative to C, while C is about as well-integrated into--and compatible with--common (POSIX) systems as it gets. Though then again, above it was noted that our experiences with C differ, but this is how I see it.
Feel free to use stable, plenty of libraries target stable.
At the beginning I was using stable without many problems.
I switched to nightly to access the last language features and I have no reason not to use it (I've never encountered a nightly bug in 4 years)
Haskell is my favourite language (if we forget prelude, exceptions, strings and a few other warts) but Rust wins hands down on pragmatism and getting things done.
The tooling (cargo vs stack) is way better and there are more production ready libraries to do cool things.
This is the one I tried to use, but failed to, since one of its dependencies required a rustc version newer than what I have here (1.63.0), and cargo was not able to pick the latest compatible version, but suggested that I do that manually instead. Which surprised me as well, since I keep hearing about it being nice, yet resolving dependencies is something other package managers (and Cabal in particular) tend to do. I tried to find what is the last version of that package supporting my compiler version, failed to do it quickly (how is one supposed to go around such a task, by the way?), and gave up.
It appears both clap 2 and clap 3 have packages in bookworm. Were you trying to use them from crates.io instead of apt? Clap is on version 4 there.
> how is one supposed to go around such a task, by the way?
There is not great tooling for this, because most people use the latest stable when starting a new project, and then rust being backwards compatible means things Just Work into the future. A vanishingly small number of folks use builds significantly older than that, since upgrading is generally trivial, and newer compilers have faster build times and better error messages.
Oh, I have not tried using it from system repositories: I tried that with another library (in a hobby project) before, had issues with that, been told and generally gathered that it is easier to pull dependencies with cargo, so went straight to that this time. I see that librust-clap-dev would pull 157 other packages with it though, but will look more closely into it: I would actually prefer getting dependencies from system repositories, thanks for pointing it out.
As for newer compilers, I prefer to depend on system repositories and package manager for updates, and to stick to stable branches, so that things do not change too often. I see the appeal of rolling release distributions and cutting edge software, but not feeling comfortable using it for things that are supposed to be reliable.
So to be clear, I do not recommend that you use the rustc provided by Debian for general development. But if that’s what you want to do, by trying to mix a rustc from Debian with packages from the general ecosystem, it is going to be the worst of both worlds. I would ignore crates.io if I were trying to do what you’re trying to do. You’ll have less access to packages overall, and be using older versions, but they’re at least known to work with each other and that specific rustc version.
I'm fascinated by that description since it's the total opposite of my experience using it. I'd love to see what happened if you have a repo.
I'm simply intrigued at this point.
They are using a rustc from August of 2022. If you installed that version, made a new project, and asked for the latest clap, it would not shock me at all if rustc were too old.
EDIT: from clap itself:
> We will support the last two minor Rust releases (MSRV, currently 1.70.0)
Steps to reproduce, once you have cargo and rustc from Debian stable repositories: cargo init && cargo add clap && cargo run. The following happens:
error: package `anstream v0.6.4` cannot be built because it requires rustc 1.70.0 or newer, while the currently active rustc version is 1.63.0
Either upgrade to rustc 1.70.0 or newer, or use
cargo update -p anstream@0.6.4 --precise ver
where `ver` is the latest version of `anstream` supporting rustc 1.63.0
For what is worth, you can use https://lib.rs to see the earliest version a crate supports. For Rust 1.63.0, you will have to rely on Clap 4.0.32 from December 2022, instead of anything newer (which only support 1.64.0+): https://lib.rs/crates/clap/versions
For anstream, the situation seems more difficult for you, as it doesn't seem that there's any (non-yanked?) release that supports <1.64.0: https://lib.rs/crates/anstream/versions
Thanks! I was looking for a page like that on docs.rs, crates.io, and possibly on lib.rs as well, but missed it; that is likely to be useful in the future. Actually now I see it on crates.io as well, <https://crates.io/crates/anstream/versions>. Or maybe I saw it before, and just have not found versions <= 1.63.
Mostly agreed with the conclusion, too: the language still looks good, especially as a C alternative, and hopefully it will be usable in a more stable setting. Gradually trying it out does not feel like a pivotal decision though, that sounds overly dramatic.