On Fri, Sep 05, 2025 at 02:14:43PM +0100, Phillip Wood wrote:
> On 05/09/2025 11:31, Phillip Wood wrote:
> >
> > I would like us to adopt rust but I am concerned about the implications
> > for platforms without rust and think we should give some notice in the
> > form of a clear announcement in the release notes once we have a concrete
> > plan. That plan should include a decision on what commitment we can
> > realistically offer with regard to security updates for platforms
> > without a rust compiler so maintainers on those platforms have a clear
> > idea of how long they will be supported.
>
> Here's what such an announcement might look like
>
>     This release introduces an optional dependency on rust that is
>     enabled by default. Platforms without a rust compiler can continue
>     to build git by passing NO_RUST=1. In six months' time we plan to
>     make rust mandatory for building git. From that point git 2.x.y (the
>     last version that can be built without rust) will continue to
>     receive security updates for three years.
>
> To me the important elements are:
>
> 1) There is a short period where rust is optional. This allows
>    (i) Distributors on platforms without a rust compiler time to notify
>        their users that in the future they will only be able to offer
>        security updates.
>    (ii) Distributors on platforms with a rust compiler time to adjust
>        their build procedures to include rust.
>    (iii) The git project time to gain experience of using rust and writing
>        the necessary bindings while building with it is optional.
>
> 2) Rust is enabled by default so platforms without a rust compiler are
>    made aware of the problem but have an easy way to continue to build
>    git while rust is optional.
>
> 3) There is a period of a small number of years where we continue to
>    provide security updates for a version of git that can be built
>    without rust. This is intended to allow a realistic time for
>    distributors on platforms without a rust compiler to port one or make
>    other arrangements for providing future security updates without
>    placing an undue burden on the project to provide security updates
>    for niche platforms indefinitely.

Something like this is part of the BreakingChanges document I'm proposing
in [1]. I think we should also highlight this upcoming change in the next
release notes, with a pointer to that document.

Patrick

[1]: <20250904-b4-pks-rust-breaking-change-v1-0-3af1d25e0be9@xxxxxx>