On 05/09/2025 11:31, Phillip Wood wrote:
I would like us to adopt rust but I am concerned about the implications
for platforms without rust and think we should give some notice in the
form a clear announcement in the release notes once we have a concrete
plan. That plan should include a decision on what commitment we can
realistically offer with regard to security updates for platforms
without a rust compiler so maintainers on those platforms have a clear
idea of how long they will be supported.
Here's what such an announcement might look like
This release introduces an optional dependency on rust that is
enabled by default. Platforms without a rust compiler can continue
to build git by passing NO_RUST=1. In six months time we plan to
make rust mandatory for building git. From that point git 2.x.y (the
last version that can be built without rust) will continue to
receive security updates for three years.
To me the important elements are:
1) There is a short period where rust is optional. This allows
(i) Distributors on platforms without a rust compiler time to notify
their users that in the future they will only be able to offer
security updates.
(ii) Distributors on platforms with a rust compiler time to adjust
their build procedures to include rust.
(iii) The git project time to gain experience of using rust and writing
the necessary bindings while building with it is optional.
2) Rust is enabled by default so platforms without a rust compiler are
made aware of the problem but have an easy way to continue to build
git while rust is optional.
3) There is a period of a small number of years where we continue to
provide security updates for a version of git that can be built
without rust. This is intended to allow a realistic time for
distributors on platforms without a rust compiler to port one or make
other arrangements for providing future security updates without
placing an undue burden on the project to provide security updates
for niche platforms indefinitely.
Thanks
Phillip
