Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1ttk98-00Gc5A-FZ
	for pgsql-pkg-debian@arkaria.postgresql.org; Sun, 16 Mar 2025 09:19:02 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-pkg-debian-owner+archive@lists.postgresql.org>)
	id 1ttk87-00BKO0-3U
	for pgsql-pkg-debian@arkaria.postgresql.org; Sun, 16 Mar 2025 09:17:59 +0000
Received: from magus.postgresql.org ([2a02:c0:301:0:ffff::29])
	by malur.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <smallkeen@gmail.com>)
	id 1ttiUR-00AF5V-L3
	for pgsql-pkg-debian@lists.postgresql.org; Sun, 16 Mar 2025 07:32:55 +0000
Received: from mail-pj1-x1035.google.com ([2607:f8b0:4864:20::1035])
	by magus.postgresql.org with esmtps  (TLS1.3) tls
 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <smallkeen@gmail.com>)
	id 1ttiUN-0038uk-2l
	for pgsql-pkg-debian@postgresql.org;
	Sun, 16 Mar 2025 07:32:55 +0000
Received: by mail-pj1-x1035.google.com with SMTP id
 98e67ed59e1d1-301493f45aeso1720110a91.1
        for <pgsql-pkg-debian@postgresql.org>;
 Sun, 16 Mar 2025 00:32:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1742110371; x=1742715171;
 darn=postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=A28uRqAblYAFzBC8clUfQJY+rnlRRJcn/pCWri9rAKc=;
        b=kvg7h941agjz56fwbQds0j/j6lDXYmVekmDZ0ZOeWkXLw4mXrvduzqjBYCvcI3IOPd
         NdUc1XHmiEbNd2q7ekNgh/RMvtDaqEP1Xicex6Lf4XxHcJgzIr+tR/fgsW2x3gxD0iib
         irdKnEuc0XgTVee82y9+9SBH1wZe7Y5xnfRA7OLbHsA+rSHxAKM5sRJEgtChVnaEUKox
         SKNeB4jHoAnPQbf+6YWo21wPD/xydTzdv6bf7YWqL1xQO/7AmmEZXPG1/ondPIby1Yg9
         ycvczulD4a1YfIfkJQ69Z6tQ1Zxh6lNafEw8PmCwJdj93Eu9gRamnJP0i5l9mG0OAB8I
         cldg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1742110371; x=1742715171;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=A28uRqAblYAFzBC8clUfQJY+rnlRRJcn/pCWri9rAKc=;
        b=wbiMtdjBco7Rydap973cY2oIIdzW9ng649oYDWe8alj3kkxiDOddRNyAidkA+ScE4+
         OfM75qZj4++GjAuDasyTyr1k0saYRoj16UjR4Y9bDxUXF8yD2s3VTO5u1DYSxpOqlbu/
         /4r84g74fBFOVUoWmqRDz0Gz1/7X/R5DAqmGERD8/QsoG9AyMNFdfRQjXO4d4XYPBNRE
         1r3xZx07vgv0Tc6LO/WkUTY5iqD3VeJlfc1rvb6yVyCmX+3cuc09fBD9OrAkNFkqjViZ
         ECl2bTZEFuKbOGyamDKCoWt1mevWmHvrPAFjQZ6A9c0ikvM3lTCbDc/zWhH/DLHk32ZZ
         HZWQ==
X-Forwarded-Encrypted: i=1;
 AJvYcCWY2obJC9RQcuO/qBcpUtqJTxpW6gav9Efx983e7rvkwSUkc+CZXDw/0grs6ZuwsI8mUcNo2V6xiv2VOpd6XOH7@postgresql.org
X-Gm-Message-State: AOJu0YwPfb2NccISZwr+WvJnZg9rjIGgzISDez/TRZHIG0baTSnyT8+s
	gdXpNM36thuHqYFGTNmO+5KMUBGHEWDPHq5AnLtTO8UDGlwAP+AJPPe33Xp405Nt5rZlzBWMy9N
	NZxoA8w8SUOV1V7o2FPKoxHlH4YE=
X-Gm-Gg: ASbGncujbvNr+giso54yT2tJs9xVrRj2Sd0ZEuh+mKYDwj+mZzs2ZbNKw7UMQ2xt+xs
	v4ccchCPdlfnD8JRo77oMl2+D71gpm9dORo+T7jUQWcLMvvyrKhogu8Re+AwNRvbne+AZgVSxqY
	pqsg5JAABTDFYRFSzzt/z6J773oLZxUU1IEiRybw==
X-Google-Smtp-Source: 
 AGHT+IG185GXqo/BbKFnIbUobtuUCfriQCvi5q8K2QyXf0byqrAvXtwHxvI43sjAVulEpjh7614dEy51SGWb24Cs1/Y=
X-Received: by 2002:a17:90b:568c:b0:2ff:4f04:4261 with SMTP id
 98e67ed59e1d1-30151d65696mr8219686a91.34.1742110370945; Sun, 16 Mar 2025
 00:32:50 -0700 (PDT)
MIME-Version: 1.0
References: 
 <CAMp+ueYqZNwA5SnZV3-iPOyrmQwnwabyMNMOsu-Rq0sLAa2b0g@mail.gmail.com>
 <Z9GPdbIu89nMuB60@msg.df7cb.de>
 <CAMp+ueYwj54J4au4+MBtgR45KWAf+JLB6PX8-QWe7md2dDwgjw@mail.gmail.com>
 <CAOMoQbREwfeDARhD-Hxvfoh=oLNQWKbhxU4qdUcL80xfOQbhTQ@mail.gmail.com>
In-Reply-To: 
 <CAOMoQbREwfeDARhD-Hxvfoh=oLNQWKbhxU4qdUcL80xfOQbhTQ@mail.gmail.com>
From: Smolkin Grigory <smallkeen@gmail.com>
Date: Sun, 16 Mar 2025 14:32:39 +0700
X-Gm-Features: AQ5f1JpDldyqh6rMA--eqt6bUP55pfmEgYJEAZVDp-AR85rsdBtpVqa3I7md2Ew
Message-ID: 
 <CAMp+ueYLbjjVuvUJPsi7zQSW0bM++xAcg=SR7RSSzNDmgLOqhw@mail.gmail.com>
Subject: Re: Packages for pg_doorman
To: Bradford Boyle <bradford.d.boyle@gmail.com>
Cc: Christoph Berg <myon@debian.org>, pgsql-pkg-debian@postgresql.org
Content-Type: multipart/alternative; boundary="000000000000d1e832063070ad8b"
List-Id: <pgsql-pkg-debian.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-pkg-debian@lists.postgresql.org>
List-Owner: <mailto:pgsql-pkg-debian-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-pkg-debian>
Archived-At: 
 <https://www.postgresql.org/message-id/CAMp%2BueYLbjjVuvUJPsi7zQSW0bM%2B%2BxAcg%3DSR7RSSzNDmgLOqhw%40mail.gmail.com>
Precedence: bulk

--000000000000d1e832063070ad8b
Content-Type: text/plain; charset="UTF-8"

> Can we use cargo vendor?
> https://doc.rust-lang.org/cargo/commands/cargo-vendor.html
>My understanding is that Debian policy >does not permit downloading
>during the build [0].

>Would it be acceptable to install the compiler from https://rustup.rs/
during package building?
>> My understanding is that Debian policy does not permit downloading
during the build [0].

Ok, I suppose we have to live with distribution compiler. Though, it may
make some old systems without rust 1.70.0 unsupportable.

>> According to this post [1] on the debian-rust mailing list, "vendoring
should be avoided unless there is a very good reason not to".
>> The Debian Rust packaging team has a pretty comprehensive guide [2] and
it looks like they have tooling to help assist with the packaging process.

I think we have a very good reason here - a lot of distributions of
different versions with different libversions. Even making it just to be
"compilable" would require tremendous effort, supporting it will be
unmanageable.

I see no good reason not to use vendoring in case of "multiple
distribution"-build process.
    1. It's a tarboll artifact, released with main project, under the same
release tag.
    2. It is reproducible and has public hash, so it can be verified.
    3. It allows local build, nothing has to be downloaded.
    4. Consistent binary behavior across multiple distributions.

--000000000000d1e832063070ad8b
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"auto"><div class=3D"gmail_quote gmail_quote_container" dir=3D"a=
uto"><div dir=3D"ltr" class=3D"gmail_attr"><div dir=3D"ltr" class=3D"gmail_=
attr">&gt; Can we use cargo vendor?</div><div dir=3D"ltr" class=3D"gmail_at=
tr">&gt; <a href=3D"https://doc.rust-lang.org/cargo/commands/cargo-vendor.h=
tml">https://doc.rust-lang.org/cargo/commands/cargo-vendor.html</a></div><d=
iv dir=3D"ltr" class=3D"gmail_attr">&gt;My understanding is that Debian pol=
icy &gt;does not permit downloading</div><div dir=3D"ltr" class=3D"gmail_at=
tr">&gt;during the build [0].</div><div dir=3D"ltr" class=3D"gmail_attr"><b=
r></div><div dir=3D"ltr" class=3D"gmail_attr">&gt;Would it be acceptable to=
 install the compiler from <a href=3D"https://rustup.rs/">https://rustup.rs=
/</a> during package building?</div><div dir=3D"ltr" class=3D"gmail_attr">&=
gt;&gt; My understanding is that Debian policy does not permit downloading<=
/div><div dir=3D"ltr" class=3D"gmail_attr">during the build [0].</div><div =
dir=3D"ltr" class=3D"gmail_attr"><br></div><div dir=3D"ltr" class=3D"gmail_=
attr">Ok, I suppose we have to live with distribution compiler. Though, it =
may make some old systems without rust 1.70.0 unsupportable.</div><div dir=
=3D"ltr" class=3D"gmail_attr"><br></div><div dir=3D"ltr" class=3D"gmail_att=
r">&gt;&gt; According to this post [1] on the debian-rust mailing list, &qu=
ot;vendoring should be avoided unless there is a very good reason not to&qu=
ot;.</div><div dir=3D"ltr" class=3D"gmail_attr">&gt;&gt; The Debian Rust pa=
ckaging team has a pretty comprehensive guide [2] and it looks like they ha=
ve tooling to help assist with the packaging process.</div><div dir=3D"ltr"=
 class=3D"gmail_attr"><br></div><div dir=3D"ltr" class=3D"gmail_attr">I thi=
nk we have a very good reason here - a lot of distributions of different ve=
rsions with different libversions. Even making it just to be &quot;compilab=
le&quot; would require tremendous effort, supporting it will be unmanageabl=
e.=C2=A0</div><div dir=3D"ltr" class=3D"gmail_attr"><br></div><div dir=3D"l=
tr" class=3D"gmail_attr">I see no good reason not to use vendoring in case =
of &quot;multiple distribution&quot;-build process.</div><div dir=3D"ltr" c=
lass=3D"gmail_attr">=C2=A0 =C2=A0 1. It&#39;s a tarboll artifact, released =
with main project, under the same release tag.</div><div dir=3D"ltr" class=
=3D"gmail_attr">=C2=A0 =C2=A0 2. It is reproducible and has public hash, so=
 it can be verified.</div><div dir=3D"ltr" class=3D"gmail_attr">=C2=A0 =C2=
=A0 3. It allows local build, nothing has to be downloaded.</div><div dir=
=3D"ltr" class=3D"gmail_attr">=C2=A0 =C2=A0 4. Consistent binary behavior a=
cross multiple distributions.</div></div></div></div>

--000000000000d1e832063070ad8b--