MSRV policy for libc crate

[joshtriplett]

In a previous libs team meeting, we discussed MSRV policy for the libc crate, and we debated between an N-1 policy and a slightly more conservative policy such as N-3 or N-4. We ended the meeting without having settled on a specific consensus, though it seemed like we were roughly on the same page.

Rather than make ad-hoc changes based on a non-specific MSRV policy, I think we should go ahead and nail down an MSRV policy for present and future changes.

I'd like to propose the following concrete policy:

• Support the last three stable versions of rustc (stable and the prior two versions).
• Only bump MSRV when we use a feature requiring newer Rust. (We do not systematically bump MSRV each time a stable release occurs.)
• Treat MSRV increases as an ordinary change, not a breaking change.

Note that this is a policy proposal for libc, not for other crates maintained by the libs team. After we get consensus on an MSRV policy for libc, we can consider what policy we want for other crates. Nonetheless, libc MSRV policy seems likely to serve as a defacto lower-bound for supported Rust versions among other libs team crates, and among many crates in the ecosystem.

For further information on the benefits of this: the PR dropping support and version detection for older versions of rustc was able to remove ~1600 lines of code, and that's not counting subsequent work that may be able to drop some of the wrapper macros. This represents a substantial improvement to maintainability, and may make it easier in the future to move to more automation to keep libc updated with the latest platform APIs.

[joshtriplett]

@rfcbot merge

[rfcbot]

Team member @joshtriplett has proposed to merge this. The next step is review by the rest of the tagged team members:

• @Amanieu
• @BurntSushi
• @dtolnay
• @joshtriplett
• @m-ou-se
• @yaahc

Concerns:

• opportunity for ecosystem to give feedback (MSRV policy for libc crate #72 (comment))

Once a majority of reviewers approve (and at most 2 approvals are outstanding), this will enter its final comment period. If you spot a major issue that hasn't been raised at any point in this process, please speak up!

See this document for info about what commands tagged team members can give me.

[petrochenkov]

This is such an unreasonably short support window for a foundational crate like libc.
I would expect at least couple of years of supported versions instead of N-3,4

[thomcc]

Yeah it's a bit tough, since this impacts a lot of crates that have libc in their dep tree. I think being conservative here is worthwhile, unfortunately.

One danger here is if a lot of crates end up pinning libc versions (which they shouldn't¹, but in practice is the tool many people reach for), those crates become incompatible to use with eachother.

Footnotes

1. Allowing users with a lockfile to deal with it via cargo update --precise is better. ↩

[joshtriplett]

@petrochenkov Assume, for the moment, that we aren't looking to support the use case of "run brand new crates from crates.io on a multi-year-old snapshot of rustc/cargo in an enterprise distribution". Are there any other use cases for which "couple of years" is actually a specific end-user need? Not something where crate-author asks crate-author asks crate-author based on hypotheticals, but actual end users who have an old rustc, and a need for new crates, and no better options?

[BurntSushi]

My instinctual response to this is also, frankly, that N-4 is too aggressive. But:

Are there any other use cases for which "couple of years" is actually a specific end-user need? Not something where crate-author asks crate-author asks crate-author based on hypotheticals, but actual end users who have an old rustc, and a need for new crates, and no better options?

I basically don't have a great concrete answer to this. And I will say, I've personally been looking for one for a while. Any time someone tells me about wanting crates to compile with older versions of Rust, I always try to ask: why? From memory, I've basically gotten these answers:

1. "I did sudo apt-get install rustc cargo, cloned your repository and then tried to run cargo build." In effect, they are trying to port workflows that they expect to work (probably from other language ecosystems) to Rust, and then get miffed that compilation breaks. Sometimes this even translates into errant bug reports. (Although, I think that's largely solved by Cargo's rust-version feature, once I get around to using it.) I also think people interpret this as a signal that Rust is "too unstable," in the sense that too many people are using language features that require a very new compiler. My experience is that most C or C++ libraries don't do this, and tend to update their language version (e.g., C++11 to C++14) pretty conservatively. So even folks using a conservative Linux distro will be able to do the apt-get install foo and then build random projects using foo. But for Rust, that doesn't really work. Instead, they really have to go use rustup, which is just going to be foreign to lots of folks not familiar with the Rust ecosystem.
2. "My company pins its Rust version in CI and it takes a lot of resources to upgrade." I've only heard this one once or twice, and I didn't really get a ton of details out of it. The obvious question to ask here, then, is whether they in turn need to use crates that require a new Rust. My recollection (I couldn't find a record of the discussion) is that the Rust ecosystem moved so fast relative to how often they upgraded their Rust compiler that it was not uncommon for them to try to bring in a crate and then have it fail to compile on their version of Rust. I don't recall drilling into this any more, e.g., why they couldn't "just" use old versions of crates. (Which does seem pretty annoying to me.) I think the overall impression I got was that this just wasn't typically a problem for them when using C or C++.

I think (1) is basically some combination of an awareness/workflow/perception problem. I think there's probably something to (2), but I just don't know enough concrete details about any specific use case to really know for sure. And in particular, I suspect (2) is kind of also a perception problem. Both (1) and (2) seem somewhat rooted in the idea that Rust and its ecosystem move so much faster than the things it tends to supplant that it tends to be really noticeable.

Now I do think perception problems are real problems, but I'm not convinced they reflect concrete use cases that argue strongly for a conservative MSRV policy. (By "conservative," I'm thinking that there is roughly support for N-9 releases, i.e., one year.)

Note that this is a policy proposal for libc, not for other crates maintained by the libs team. After we get consensus on an MSRV policy for libc, we can consider what policy we want for other crates.

OK, so I think this is really where my real concern with this change is. libc is basically as foundational as you can get as a library. Deciding an MSRV policy for it comes very close to effectively deciding an MSRV for the broader ecosystem. IMO, even if the MSRV is really just a perception problem, that's a pretty big deal. (I say "very close," because as @thomcc mentioned, if people hate this enough, they'll starting pinning libc and then that's going to be a cure that is worse than the disease. So technically, users of libc can still enforce their MSRV by either pinning libc in libraries (very bad) or pinning libc in their Cargo.lock (which is totally fine). But other than that, libc will end up deciding the MSRV for a lot of folks I think.)

Since libc is foundational and because I suspect this policy is probably more aggressive than extant MSRV policies in the ecosystem (being a little hand wavy there), I do think that we should try to broadcast this policy question before making a final decision on it. That is, I would like to make a good faith effort to give folks an opportunity to provide their opinion on this because of the impact this will have on the broader ecosystem. Basically, I want to avoid a scenario where this happens:

• We do an FCP here and because relatively few people watch this repo, it passes silently.
• The libc MSRV policy is put into place.
• Six months from now, we finally have a need to "test" the policy because there's this new Rust feature or API that was introduced in Rust N-4. So that gets merged and shipped out.
• A bunch of people who care about MSRV realize that the new release of libc has almost nearly forced them to make their policy more aggressive than what they had end up asking what's going on in the libc tracker.
• They get pointed to this issue and wonder why such a change wasn't broadcasted more widely so that they could have the opportunity to have their voice heard.

Maybe I'm overplaying it, but that's my sense. So I'll register a concern for that:

@rfcbot concern opportunity for ecosystem to give feedback

Otherwise, for me personally, I don't think I feel strongly for or against this change. I've long wanted good reasons for a conservative MSRV policy, and I've had a hard time finding them. Maybe this issue will force out some good ones that I've not heard of before. But I can definitely empathize with the annoyance of having to wait so long to use new Rust stuff, so I get where this is coming from.

[joshtriplett]

Note that this is a policy proposal for libc, not for other crates maintained by the libs team. After we get consensus on an MSRV policy for libc, we can consider what policy we want for other crates.

OK, so I think this is really where my real concern with this change is. libc is basically as foundational as you can get as a library. Deciding an MSRV policy for it comes very close to effectively deciding an MSRV for the broader ecosystem.

I was attempting to narrow the question to libc, not because I think it likely that other official crates can or should realistically be more conservative than libc, but rather, I wanted to separate the questions so that if someone wanted to argue "we should support X" they didn't have to simultaneously argue whether that meant X for libc or for everything.

If we do agree on N-2 for libc, then our realistic choices of policies for other official crates are N-2, N-1, or N. I'd tend to suggest N-2 for "foundational" crates like libc or libz-sys.

[petrochenkov]

2. "My company pins its Rust version in CI and it takes a lot of resources to upgrade."

I more or less meant this scenario.
In my case it was more like "several teams need to build the code in several infras, and asking others to update their infra too often is a nuisance because they have other more important things to do, so in practice the required Rust toolchain gets updated once in 0.5-1.5 years".

Crate versions still can be updated more often because it doesn't require similar coordination.
Also few crates change MSRV that often in practice so most of the dependencies still build in a year and don't need to be pinned to prevent updates. So the N-3,4 policy actually makes libc move much faster than majority of other less fundamental crates.

[shepmaster]

So the N-3,4 policy actually makes libc move much faster than majority of other less fundamental crates.

Not necessarily, but only possibly:

Only upgrade if there's a feature we actually need.

It just means that libc could bump the MSRV if needed. As you said...

few crates change MSRV that often in practice

[BurntSushi]

@petrochenkov Can you say more please? Here are the things I'm personally interested in:

• Why do you think it's justified for the (probably the entire) Rust project to spend effort maintaining a conservative MSRV because it is costly for y'all to upgrade? To me, it feels like this hinges a lot on just how common your scenario is. Like, what scale of problem is this? Is this a "I'm a little annoyed" flavor of problem, or is this a "we'll probably have to stop using Rust" showstopping problem?
• If upgrading Rust is really that costly, can you say more about why using older versions of crates isn't an acceptable alternative path for you?

@shepmaster

So the N-3,4 policy actually makes libc move much faster than majority of other less fundamental crates.

Not necessarily, but only possibly:

Only upgrade if there's a feature we actually need.

It just means that libc could bump the MSRV if needed. As you said...

few crates change MSRV that often in practice

I think you're technically correct, but I think the color you're adding here might give the wrong impression. There's a burden to supporting older MSRVs, and while @joshtriplett's post does include the language "Only upgrade if there's a feature we actually need," I think the word "need" there is doing a lot of work. For example, "need" might mean, "we want to use a new std API and don't feel like writing version sniffing code in build.rs to do conditional compilation" or it might mean "we have so much version sniffing already that adding more is just not worth the burden" or it might mean "we want to use a new Cargo.toml feature and there's no easy way of introducing such things conditionally." Frankly, all three are somewhat reasonable interpretations, but it's not totally clear which one will be followed in practice to me. So it might worth clarifying what exactly is meant by "need" here.

For example, if "need" is interpreted broadly, then I think it's very likely that libc will end up bumping MSRV more rapidly than existing "core" crates. But if "need" is interpreted narrowly, then it might actually be pretty rare for libc to bump MSRV.

[BurntSushi]

Someone else I'd like to hear from is @dtolnay. As I understand it, you maintain a Rust 1.13 MSRV for serde. This is despite requiring at least some non-trivial effort to do so. I don't think I've seen you opine on why exactly you do this. Could you share your perspective here?

[BurntSushi]

(Also, I have not actually broadcast this issue to a wider audience yet. Are people okay if I do that? Or do folks think we should wait on that for a bit or go about it a different way? As a former mod, I always feel a little weird shining spotlights on GitHub issue threads, since it can go sideways pretty easily.)

[petrochenkov]

@BurntSushi

Why do you think it's justified for the (probably the entire) Rust project to spend effort maintaining a conservative MSRV because it is costly for y'all to upgrade?

Because it's not that much effort in practice.
It's "some extra maintenance in libc alone" vs "some extra maintenance for all the people with slower Rust toolchain update schedules", the choice seems pretty clear to me.

If upgrading Rust is really that costly, can you say more about why using older versions of crates isn't an acceptable alternative path for you?

It's acceptable, and the issue is not a showstopper, but newer crate versions are not purely cosmetic and do fix relevant bugs sometimes (or add relevant Linux constants or whatever, in case of libc).

[BurntSushi]

Because it's not that much effort in practice.

Eh. The libc build.rs is pretty gnarly, and all of those cases get turned into conditional compilation knobs that get sprinkled throughout the code. I know I'm pretty averse to doing that (I've done it before on several occasions), so I end up just usually waiting to use a new feature in cases where I've tried to maintain a "conservative" MSRV.

It's doubly annoying because finding real tangible use cases for conservative MSRV has proven difficult. So it just feels like a lot of hand wringing for... not much in exchange.

It's "some extra maintenance in libc alone"

Certainly not! It's extra maintenance for everyone who tries to maintain a conservative MSRV. If libc got more aggressive about it, it might spur everyone else to get more aggressive too, thus reducing maintenance burden for a whole bunch of folks. Whether that's bigger or smaller than the "people with slower Rust toolchain update schedules" is actually totally unclear to me. I have no idea how widespread "slow toolchain update schedules" is in practice. I'm sure it's not just you (I've heard of others complaining about it), but I truly do not know the scale of it.

[shepmaster]

I think you're technically correct, but I think the color you're adding here might give the wrong impression.

I was not attempting to add color, or even opinions, just surface the wording concerns which you have now expanded upon.

---

For SNAFU, I maintain a Rust 1.34 MSRV, although I don't use a build.rs for newer versions. Instead, I use feature flags for each version that I need and use default features to enable a "new enough" version of Rust. This places the burden on people who want to use SNAFU with an "old enough" version of Rust, while still allowing a wide range of Rust versions to use SNAFU.

This works for me because I can write the majority of my code targeting old Rust versions. This does mean I'm locked to edition 2018, among other things, but that isn't amazingly painful for me in practice.

I have received feedback from Linux distro users that are using old versions of Rust so I know that there are real people out there affected by this.

---

Is there a list of what "new Rust" features the libc crate would like to make use of?

[cuviper]

1. "I did sudo apt-get install rustc cargo, cloned your repository and then tried to run cargo build." In effect, they are trying to port workflows that they expect to work (probably from other language ecosystems) to Rust, and then get miffed that compilation breaks. Sometimes this even translates into errant bug reports. (Although, I think that's largely solved by Cargo's rust-version feature, once I get around to using it.) I also think people interpret this as a signal that Rust is "too unstable," in the sense that too many people are using language features that require a very new compiler. My experience is that most C or C++ libraries don't do this, and tend to update their language version (e.g., C++11 to C++14) pretty conservatively. So even folks using a conservative Linux distro will be able to do the apt-get install foo and then build random projects using foo. But for Rust, that doesn't really work. Instead, they really have to go use rustup, which is just going to be foreign to lots of folks not familiar with the Rust ecosystem.

I totally understand that folks in the Rust ecosystem generally don't want to support traditional distro toolchain timelines, especially in enterprise where that can stretch 10 years or more. However, I do want distro Rust toolchains to be a viable option, and for RHEL we've tried to make that happen by keeping a more aggressive "rolling stream". That doesn't mean we ship every 6-week Rust release, but we do update the Rust toolchain in each RHEL minor release, every 6 months. (I also maintain Fedora's Rust, and we do ship every update there on all active releases.)

Now, with our own internal development pipeline, the version we put out in a RHEL minor release will already be 3-4 months old when it comes out. That's our latest version for the next 6 months, so it will be 9-10 months old by the time the next one comes around. For example, in May 2022, RHEL 8.6 and 9.0 shipped Rust 1.58, and those will be in use until 8.7 and 9.1 around November.

People also don't upgrade RHEL releases right away. Conservatively, padding that out to a year for an MSRV update policy is probably good enough, and if they still haven't updated they'll have some impetus. And FWIW, we did choose a one-year MSRV policy for rayon (although it's currently sitting quite a bit older).

I know many people won't care about RHEL, but we're trying to find a good compromise there.

2. "My company pins its Rust version in CI and it takes a lot of resources to upgrade."

I more or less meant this scenario. In my case it was more like "several teams need to build the code in several infras, and asking others to update their infra too often is a nuisance because they have other more important things to do, so in practice the required Rust toolchain gets updated once in 0.5-1.5 years".

And in some cases, this sort of case is also "outsourced" to the distro update process.

[saethlin]

As someone who delivers software written in Rust to RHEL environments, I would really like to hear from users who are developing on RHEL using the distro rustc/cargo instead of rustup. We jump through hoops to deliberately avoid using distro packages when possible, on account of their age.

[cuviper]

I don't have hard customer data to offer here, but I think there's also a chicken-and-egg problem, that Rust won't even be a viable option for those customers at all if the ecosystem won't support this kind of use.

[saethlin]

I mean for our usage, the rest of RHEL packages are an obstacle, so we never even considered using a Rust toolchain from the distro. So I wonder if this is a more severe chicken-egg scenario.

[cuviper]

Fair enough. :)

[alex]

I'm one of the maintainers of pyca/cryptography, a popular Python package (top 20 downloads from PyPI most days) with a risk component. I can provide some limited stats on versions of Rust we see.

Our current MSRV is 1.41, and our next release intends to increase our MSRV to 1.48.

Looking at downloads of our source artifacts (i.e., users who need to compile themselves, excluding pre-compiled artifacts) we have rustc version data for about 1.6% of those downloads (because tracking this information requires a relatively recent pip).

Here is the % of such downloads where the rustc version is >= to each target, from the past 30 days:

1.41.0: 99.6%
1.42.0: 97.2%
1.43.0: 97.2%
1.44.0: 97.2%
1.45.0: 95.9%
1.46.0: 95.9%
1.47.0: 95.9%
1.48.0: 95.7%
1.49.0: 91.3%
1.50.0: 90.3%
1.51.0: 90.3%
1.52.0: 90.2%
1.53.0: 89.7%
1.54.0: 89.4%
1.55.0: 89.2%
1.56.0: 89.2%
1.57.0: 87.4%
1.58.0: 86.6%
1.59.0: 75.7%
1.60.0: 48.9%
1.61.0: 40.3%
1.62.0: 20.5%

Hopefully this presentation of the data makes sense.

[m-ou-se]

If/once cargo can use the rust-version from Cargo.toml to automatically pick the latest version that works on the compiler that's used, this could go a lot smoother. Then if libc 0.2.135 requires Rust 1.70, cargo will just pick libc 0.2.134 for users on Rust 1.69, such that nothing breaks that didn't need the latest libc.

[matklad]

Two scenarios for "My company pins its Rust version in CI and it takes a lot of resources to upgrade." I've seen personally:

• slipped upgrades: Rust version is pinned in rust-toolchain.toml for reproducibility and general sanity reasons. There's a process in place to upgrade that version to the stable rust, but, as everything is broken, sometimes the things slip and no one gets to actually upgrading the toolchain in a couple of months.
• pinned nightly: some part depends on nightly b/c something is not stabilized. As this is nightly, upgrades are actually non-trivial (code changes required), and get somewhat postponed.

The problem with "just using older versions of crates" is that sometimes you want to upgrade something for unrelated reason. Like, you use "latest-async-framework-my-company-fork-5.0.0.beta.8", and you want to switch to "latest-async-framework-5.0.0" b/c that has much fewer bugs, and, while doing that work, you discover you need to upgrade rustc as well.

For both of these scenarios as I've encountered them, N-1 would create measurable pain, N-4 would be OK, and N-8 would be very comfortably OK.

[CAD97]

A minor thing is build caching. When using a shared Rust compilation cache, it's nice to be able to stay on a specific toolchain for longer, because then you get fewer rebuilds. This is maybe a less important reason for libc, though, as upgrading libc means recompiling much of the world anyway.

(And as a sidenote: it's naive to say that this policy is just for libc. libc's msrv policy basically is the baseline msrv policy for the entire ecosystem... at least for msrv at maximal dependency versions.)

It's definitely worth polling major ecosystem crates for what their msrv policy is and for what users they hold that policy. E.g. tokio has committed to a 6 month msrv through 2024 at a minimum.

Plus it's worth restating: a rust-version aware version resolution will make msrv bumping much smoother.

msrv musings

At least from my viewpoint, the realistic msrvs are

timeline	usecase
forever	for managing msrv
distro	to support source installs on distro
3 year	glacier pace / previous edition
1 year	foundational crate with low need for new language features
6 month	reasonable LTS compromise for core libraries
3 month	reasonable lead time for most libraries

But also, it's imho silly to try to enforce msrv without an msrv supporting dependency resolution. Right now, the best we have is -Zminimal-versions, and libraries ideally should be testing with that anyway to ensure their manifests are accurate. For consumers, the default maximal versions avoiding too-new rust-version basically unlocks msrv from essentially being ecosystem-wide to being a localizable concern.

[BurntSushi]

(And as a sidenote: it's naive to say that this policy is just for libc. libc's msrv policy basically is the baseline msrv policy for the entire ecosystem... at least for msrv at maximal dependency versions.)

Yeah I think @joshtriplett and I discussed this briefly above. I think that's the idea behind considering the MSRV policy for libc first. It starts with the most expansive question.

[joshtriplett]

@alex Thank you, that's useful information. Would it be possible to get, rather than the last 30 days, three chunks of this information? Specifically: 2022-04-07 to 2022-05-19 (while 1.60 was newest), 2022-05-20 to 2022-06-30 (while 1.61 was newest), and 2022-07-01 to today (while 1.62 was newest)?

It would help to see how much correlation that has. (Which in turn will depend on how many of your users get rust from rustup vs a distribution package; I would guess many do, but this will at least give us a conservative bound to consider.)

Also, what does

relatively recent pip

mean here? How old is that version of pip? (We'd like to take into account the possible bias towards recent versions there.)

[epage]

Only upgrade if there's a feature we actually need.

One downside to an as-need basis is if you upgrade too infrequently, your users might build up an expectation that diverges from what is documented. clap has always had an N-2 policy but went so long without updating the MSRV that we got backlash when updating our MSRV to something less than a year old.

[matklad]

If/once cargo can use the rust-version from Cargo.toml to automatically pick the latest version that works on the compiler that's used, this could go a lot smoother.

One effect here is that we might weaken ecosystem-wide "live at HEAD" property. Today, the world mostly looks like this:

• libraries support at least some old versions, and, regardless of specific "slightly outdated rustc", any application can be upgraded to the latest version of all libraries, and, in general, most folks try to stick with latest version. So, "latest version of everything" is a mostly well-tested integration scenario.
• in the world where Cargo just transparently picks old versions of libraries, and libraries default to latest stable, there will be more heterogenity to what ends up in Cargo.lock after cargo upgrade

No idea what's the size of the effect here.

[epage]

Is there a discussion somewhere on the potential tools to help with MSRV? We've seen people try to do this on their own and the results aren't great, including misusing version requirements which doesn't work.

From a very quick scan of this thread and the cargo zulip thread, ideas include

• When cargo install fails due to package.rust-version, suggest --locked (implemented)
• When regular builds fail due to package.rust-version, teach how to use cargo update --precise (implemented)
• Update the rust-version error to report the newest compatible version of the crate
• Change our guidance and defaults around gitignoring Cargo.lock for libs so it is easier to test MSRV
• Make cargo add ignore too-new package.rust-version when auto-selecting a version
• Make cargo install ignore too-new package.rust-version when auto-selecting a version
• Make --locked the default for cargo install
• Set package.rust-version to the current version in cargo new (see Cargo should set "rust-version" for me cargo#11451)
  • And automatically inherit it from the workspace
• Have rustc produce warnings when using API items with a #[stable] newer than package.rust-version
• Find a way to stablize --minimal-versions
• Stablize #[stable] and have rustc produce warnings when API items with a #[stable] are used that are newer than the oldest compatible version
• Make cargo's dependency resolver package.rust-version aware
  • A possibly experiment for an MSRV resolver is for us to model rustc as a non-package dependency. This could possibly be extended to links and even features. This seems the most promising route outside of the PubGrub resolver project which is a large lift
• Make dependabot package.rust-version aware
  • Renovate as well
• Teach cargo to feed rust-version information back into rustup, such that rust-version acts like a rust-toolchain file, and rustup downloads and installs a sufficiently new toolchain and then builds.

[jhpratt]

For what it is worth, I will be changing the MSRV policy of time to be N-2 starting 2023-07-01.

[algesten]

@jhpratt I've read all of this thread, is there a summary of the thought process that lead up to N-2, i.e. some reasoning how the above discussion weighed into the final decision?

Or meeting notes, or something similar.

[djc]

More discussion on time is here: time-rs/time#535, I suggest any further followup is directed there, too.

[newpavlov]

I believe that the best course of action for libc will be:

• Wait for MSRV-dependent dependency version resolution cargo#9930 to be implemented and stabilized.
• Release v1.0 as per Rust Roadmap: libc v1.0 release libc#547 with rust-version equal or bigger than Rust version from the previous step.
• Adopt policy stating that MSRV can be bumped in any new release and it will be properly reflected in rust-version. The new policy will be applied only to post-v1.0 releases, while v0.2 will continue to use the current MSRV.

It's fairly conservative, but it will prevent any negative impact on the ecosystem. I am quite certain that using any N-M policy in v0.2 will result in a huge controversy, several orders of magnitude bigger than what we've seen with once_cell

[bjorn3]

I believe when libc bumped it's version from 0.1 to 0.2 that resulted in quite some issues due to some crates updating but not others (the libcpocalipse) I am pretty sure a bump to 1.0 will have the exact same issues.

[mathstuf]

A new 0.2.N release can be made that re-exports the relevant 1.0 symbols. I believe log 0.3 and log 0.4 do this so that 0.3-using crates are actually using 0.4 traits and types (in a 0.3-compatible way).

[cuviper]

If you re-export, you inherit its effective MSRV, removing that as a motivating factor for bumping to 1.0.

[Lokathor]

If 0.2 cant ever adjust its MSRV no matter how conservatively (Stable-20, surely no one can complain about that?), and we also can't ever move past 0.2 to either 0.3 or 1.0, then we're permanently stuck.

If we can agree "permanently stuck" isn't an acceptable outcome then we've gotta pick something which we might not like, that might end up just being the "least worst" path.

[BurntSushi]

@newpavlov

I am quite certain that using any N-M policy in v0.2 will result in a huge controversy

Really? I'm not. As @Lokathor mentions, N-20 is over 2 years. Another policy that is unlikely to be controversial is "whatever Debian stable ships."

AIUI, libc is set to bump its MSRV conservatively but is blocked on other stuff.

[newpavlov]

@BurntSushi
Heh, you got me. The statement was in the context of much less conservative Ms floated in this discussion, but nevertheless it's not correct.

Another policy that is unlikely to be controversial is "whatever Debian stable ships."

It will significantly reduce controversy, but will not eliminate it. I personally had misfortune of working with a system which had an older Rust toolchain than one in Debian stable and we had no choice but to use it...

[BurntSushi]

It will significantly reduce controversy, but will not eliminate it. I personally had misfortune of working with a system which had an older Rust toolchain than one in Debian stable and we had no choice but to use it...

I disagree with this framing. I do not think this would be "controversial." That's not the same as "it will never occur that someone will need to compile a crate for an environment that only offers a compiler that is too old." I do not see any reason why we should seek to completely eliminate that problem. At a certain point, it has to become unreasonable for crates to maintain arbitrarily old compiler support. At that point, it's reasonable to expect people needing support for compilers older than 2 years (say, as a very conservative MSRV target) should take on the burden of building and using older versions of crates. It's annoying to do, but not impossible. I don't see anything controversial about that.

[newpavlov]

At a certain point, it has to become unreasonable for crates to maintain arbitrarily old compiler support.

I agree and I do not argue that projects should strive to have ancient MSRVs.

But my stance is that if a project was compilable by an older toolchain, ideally, it should stay compilable with it in future without any annoyances around keeping Cargo.lock or manually pinning dependencies. This was a huge part of my motivation for writing the MSRV RFC. Until the MSRV-dependent version resolution is implemented, in my projects I consider MSRV bumps breaking changes.

[BurntSushi]

@newpavlov Thanks for making your position clear. I do not think the Rust project should abide your use case. Treating MSRV bumps as semver incompatible is completely untenable. I tried it many years ago and quickly gave it up for a variety of reasons, and I think it would be disastrous to conform to such a policy.

Further discussion of whether MSRV bumps should be semver incompatible or not should happen here: rust-lang/api-guidelines#231 It's not totally orthogonal to the MSRV discussion here I admit, but I think it would be better to try and keep them separate if possible.

But my stance is that if a project was compilable by an older toolchain, ideally, it should stay compilable with it in future without any annoyances around keeping Cargo.lock or manually pinning dependencies.

If we're going to speak in ideals, then I might as well counter with "ideally people should use a Rust compiler released in the last N years."

[TheBlueMatt]

Another policy that is unlikely to be controversial is "whatever Debian stable ships."

Where is the bar for the upgrade? The day after a new Debian stable ships? Presumably folks wouldn't have upgraded in that day. A month later? Probably easier. I'm not really sure "whatever Debian stable ships so that Debian stable users aren't blown up" is a concrete policy, itself.

[BurntSushi]

Another policy that is unlikely to be controversial is "whatever Debian stable ships."

Where is the bar for the upgrade? The day after a new Debian stable ships? Presumably folks wouldn't have upgraded in that day. A month later? Probably easier. I'm not really sure "whatever Debian stable ships so that Debian stable users aren't blown up" is a concrete policy, itself.

Surely such a policy has details that would need to be ironed out, such as the one you bring up. It was not my intention to propose it as a policy to adopt, but merely an example of one, in broad strokes, that is unlikely to be controversial.

[adamreichold]

Personally, I am mostly concerned with maintaining a crate like PyO3 under "whatever Debian stable ships" where we regularly have to modify our CI to adjust for (transitive) dependencies increasing their MSRV.

Similarly, I have experienced making a drive-by contribution to a somewhat "quiescent" crates whose CI failed due to an MSRV bump of a dependency which then resulted in the crate itself bumping its MSRV even though I proposed a commit using a Cargo.lock.msrv which however was considered too much hassle.

So for me, the part about

Wait for MSRV-dependent dependency version resolution cargo#9930 to be implemented and stabilized.

is the most relevant bullet point from #72 (comment).

I would be much more relaxed about whatever policy is considered best by those who put in the work of maintaining libc, if I knew the tooling was able to automatically select the 0.2.x point release of libc which corresponds to the current version used in my MSRV CI job.

[mitsuhiko]

If you re-export, you inherit its effective MSRV, removing that as a motivating factor for bumping to 1.0.

For libc it might be possible to start evaluating a libc-types crate that is shared between older and newer libc releases.

[bjorn3]

Most of the feature detection in libc's build.rs would still be needed if libc-types is introduced: libc_priv_mod_use (rust 1.15), unions (rust 1.19), repr(align) (rust 1.25), u128/i128 (rust 1.26), core::ffi::c_void (rust 1.30), repr(packed(N)) (rust 1.33), cfg(target_vendor) (rust 1.33), #[non_exhaustive] (rust 1.40) All of them could be avoided even by bumping just the crate defining all types to what debian currently ships with (rust 1.48).

[8573]

libc_priv_mod_use (rust 1.15), unions (rust 1.19), repr(align) (rust 1.25), u128/i128 (rust 1.26), core::ffi::c_void (rust 1.30), repr(packed(N)) (rust 1.33), cfg(target_vendor) (rust 1.33), #[non_exhaustive] (rust 1.40)

Moreover, all of these versions but the last are supported by the rustc in Debian oldoldstable, which is at version 1.34.2 or higher for all architectures and 1.41.1 for "amd64 arm64 armhf i386".