Through dependency graph GItoxide has a RSVM requirement of 1.88.

For me that means exactly to never use Gitoxide and stick using libgit2 bindings because they retain software ubiquitos across environment and toolchains.

This also thought me an important lesson: using well established C-library throught bindings is 9/10 times a better choice than using equivalent "pure Rust" implementation. This does not mean that the Rust implementation would be somehow"worse", generally it just seems that Rust developers are completely ignorant of optimizing things like RSVM.

That leaves you two options.

1. Use a really old version of "pure Rust" library in order to maintain RSVM of your choice. Usually this means using a version, which never will be updated.
2. Use Rust-bindings of a C-library and have always up to date version of the dependency while retaining RSVM of your choice.

The crazy RSVM requirement of Gitoxide zeros down its applicability for anything production. I will never touch it again.

#rustlang

@jarkko Most of this might be obvious to you but for some readers, they may walk away with the wrong impression.

`gix`s MSRV (the acronym generally used in the ecosystem) for the latest version is 1.82. As you mentioned, the latest version of some dependencies may be higher. The MSRV-aware resolver can help select versions compatible with your tool chain. You don't have to update your MSRV to use it, just your development version.

Whether those transitive deps is a problem or not is dependent on which dependencies they are and their role in your application. Presumably, you'll eventually update your MSRV and get those newer versions, so it is not likey you'll never see them. And updating your toolchain is one mitigation option. An important question in all of this is your motivation for your MSRV as that will dictate your willingness to update your toolchain to get newer features, either from Rust or your dependencies.

When contemplating not getting updates when using an old toolchain, remember you are using an old, unsupported dependency, your toolchain.

@epage, For such as serious lib crate I'd proactively maintain fairly conservative RSVM for the full nested dependency graph.

Otherwise, in the end of the day, the developer experience will suck and the crate does not scale, which means also scaling *down* (for some amount) when going to e.g., embedded builds.

@epage It's not like I "want it to suck". Just noticed that I only need to add e.g., BuildRoot to the equation and it'll be hell with anything using Gitoxide :-) So I migrated already functional code using Gitoxide back to libgit2 because I don't want to spend my days and focus with that crate.

@epage And in the end of the day this is a cultural and a process issue.

E.g., let's imagine if Gitoxide tried to control RVSP better than today. That would ripple to its dependencies via build regression reports (in some cases).

"Pure Rust" makes only sense (from pragmatic AND *in production* perspective) if it delivers at least being as ubiquitos as an equivalent C-library. It's bare minimum expected to consider Gitoxide as a serious alternative to libgit2, which one of the most mature and stress tested libraries in existence.

@jarkko what is rsvm?

@penguin_brian TBH, it is gibberrish :-)

Thanks for asking. I was trying to refer to minimum supported rust version (MSRV).

@jarkko what minimum version do you consider reasonable

@tshepang none because it is a context dependent question

@jarkko what would it need to be for gix, for you to not migrate away

@tshepang OK thanks, that is fair question :-) I just answer always based on context.

For a project like Gix I'd probably ollow Debian stable's rustc if possible (by realistic measures).

And if rustc in stable is getting old lookup:

1. If backports has a newer version consider that.
2. If testing branch of Debian has been freezed that might also be good choice.

I picked Debian because it has the most concervative baselines overall. If you can maintain your project within those constraints your Linux distribution converage is literally all the major Linux operating systems in existence.

And yeah sorry, of course I will retry Gitoxide one day again when I get out of recent frustrations with it. You just have to say one nasty childish thing to get over it :-) Sorry about that.

@tshepang and not saying this is the exact pattern what should be followed. Just one way to look at the problem. Being ubiquitos and maximizing deployabiltiy and being "at the bleeding edge" tend to be two contradicting goals that exist in any possible language and tool ecosystem, and thus they need to be balanced out.

@jarkko sidenote, I have a tool that uses libgit2 myself, and have been considering a different dependency in the hope for a better api (because libgit2 is not exactly pleasant)

@jarkko it is interesting to see gitoxide have external users at such an early stage

@tshepang i just wanted to see how it works and see if i could bend it do stuff i was doing :-)

i did not observe any actual functional issues.