[FFe] rustc: Downgrade cargo from Recommends to Suggests
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| rustc (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Hi,
I'd like to upload a new rustc version (see attached debdiff). In addition to the obvious security fix, this version would downgrade the Recommends: cargo to a mere Suggests: for the rustc binary.
The rationale behind the change is that we'd like to promote rustc to main (see https:/
I expect the impact on the archive to be minimal, as there are only two direct reverse-
❯ reverse-depends rustc
Reverse-Depends
* cargo
* rust-all
rust-all already has its own Depends: relationship to cargo, and as such isn't relying on rustc to provide it.
AFAIK our builders don't consider Recommends dependencies, so this change shouldn't result in build breakages.
My educated guess is that any user that wishes to install Rust and does *not* follow that community's standard way of doing things (bypassing system packages) would install rust-all or cargo directly, not expecting rustc to provide the higher-level tooling.
CVE References
| Simon Chopin (schopin) wrote | #1 |
| Łukasz Zemczak (sil2100) wrote | #2 |
| Changed in rustc (Ubuntu): | |
| status: | New → Triaged |
| Simon Chopin (schopin) wrote | #3 |
| Launchpad Janitor (janitor) wrote | #4 |
| Changed in rustc (Ubuntu): | |
| status: | Triaged → Fix Released |
I can't think of any big issues this could introduce. I don't have a strong feeling about this (although I am not a rust user), but if it makes the MIR of rustc easier, feels like something that should be considered. Okay, please proceed. Can you link to this bug in the changelog entry for the Recommends -> Suggest change?