Phillip Wood <phillip.wood123@xxxxxxxxx> writes: > This release introduces an optional dependency on rust that is > enabled by default. Platforms without a rust compiler can continue > to build git by passing NO_RUST=1. In six months time we plan to > make rust mandatory for building git. From that point git 2.x.y (the > last version that can be built without rust) will continue to > receive security updates for three years. > > To me the important elements are: > > 1) There is a short period where rust is optional. This allows > (i) Distributors on platforms without a rust compiler time to notify > their users that in the future they will only be able to offer > security updates. > (ii) Distributors on platforms with a rust compiler time to adjust > their build procedures to include rust. > (iii) The git project time to gain experience of using rust and writing > the necessary bindings while building with it is optional. Good. I am not sure "short" should be an important element, but having a known and agreed-upon deadline helps. > 2) Rust is enabled by default so platforms without a rust compiler are > made aware of the problem but have an easy way to continue to build > git while rust is optional. Obviously there is nothing to disagree with here, as it is the definition of the word "optional" ;-). > 3) There is a period of a small number of years where we continue to > provide security updates for a version of git that can be built > without rust. This is intended to allow a realistic time for > distributors on platforms without a rust compiler to port one or make > other arrangements for providing future security updates without > placing an undue burden on the project to provide security updates > for niche platforms indefinitely. I am not willing to see such a support for multiple years, though. If the first item is 6 months, this backporting stale releases should be on the same order of timeperiod. If it were "3 years of optional period, 18 months of backporting security updates", I would find it more realistic. It would give those platform maintainers enough time to robby, fundraise, or otherwise campaign to bring Rust on their system. I personally find that 6 months is way too short (if we are _only_ looking for an excuse to say "we have given them ample time to react, and now it is their problem", 6 months may be good enough, though).
