Especially because crates.io is powered by GitHub under the hood and you need a GitHub account to publish crates, so the Microsoft enshittification being forced on all the devs is inevitable. Biggest risk when building something with Rust in my opinion. If you have 100 dependencies - and this happens very quickly when you build GUI or web applications - then you will have a hard time not relying on crates.io.
Eh, I don’t want to get super off-track, but I would hazard that Microsoft has been a good steward for GitHub. But I agree crates.io shouldn’t require a GH account to publish.
In case anyone’s wondering, there’s no objection by the team to supporting different authentication methods - there are some practical matters, and seemingly a bit of tech debt from the historical use of GH, and if someone is willing to do the work then alternate providers would be accepted.
At the very least if you run your own registry you could mirror the crates.io dependencies, though then you need to either have a syncing system or manually mirror new versions as you upgrade your dependencies.
Really excited about the Cargo registry changes here. Another step forward to less reliance on crates.io
Especially because crates.io is powered by GitHub under the hood and you need a GitHub account to publish crates, so the Microsoft enshittification being forced on all the devs is inevitable. Biggest risk when building something with Rust in my opinion. If you have 100 dependencies - and this happens very quickly when you build GUI or web applications - then you will have a hard time not relying on crates.io.
Eh, I don’t want to get super off-track, but I would hazard that Microsoft has been a good steward for GitHub. But I agree crates.io shouldn’t require a GH account to publish.
In case anyone’s wondering, there’s no objection by the team to supporting different authentication methods - there are some practical matters, and seemingly a bit of tech debt from the historical use of GH, and if someone is willing to do the work then alternate providers would be accepted.
At the very least if you run your own registry you could mirror the crates.io dependencies, though then you need to either have a syncing system or manually mirror new versions as you upgrade your dependencies.
Here’s a script to mirror all of crates.io: https://github.com/progval/crates.io-mirror in a way that should be usable both from a web browser and from Cargo.
I haven’t ran it in a while, I expect it to take about 200GB now.
That’s a bit expensive in comparison, but I guess it could probably be modified to do it based in your dependencies. :)
Oh no, did async trait not make it for 1.74? Does anybody know the reason?
https://blog.rust-lang.org/inside-rust/2023/05/03/stabilizing-async-fn-in-trait.html
Appears it will be in 1.75: https://github.com/rust-lang/rust/pull/115822#event-10652483831
It was never slated for 1.74 because the beta branch that ended up as 1.74 was cut before the PR landed.