Fork me on GitHub
#other-languages
<
2023-09-05
>
dgb2313:09:39

I'm trying to make sense of why rust/cargo doesn't have namespacing in their package repository. There has to be a good reason for that, since it's a young language that could have learned from prior art, right? I came across this article that sounds like a semi-official rationale: https://samsieber.tech/posts/2020/09/registry-structure-influence/ It doesn't sound convincing to me. My hunch is that they are complecting something but I can't figure out what it is.

Noah Bogart13:09:04

i don't have any articles to point to, but I remember that the argument is along the lines of, "with namespaces, users now have to remember two things: the namespace and the name. Given that names will be duplicated, this makes it harder to differentiate between two packages of the same name (aka 'do i want noahtheduke/lazytest or stuartsierra/lazytest?'), and if you think of the namespace and the name as a single unit, you're back to no namespaces"

dgb2313:09:02

> if you think of the namespace and the name as a single unit, you're back to no namespaces I know this is not your argument, but that doesn't sound too convincing to me. A namespace has certain qualities, either by convention or enforced, that a flat name may or may not have. If those qualities are well documented and part of a culture (and tooling) then it's also not confusing or hard to differentiate between similar names in separate namespaces. Do I misunderstand namespaces or do I ascribe too much to them?

Noah Bogart13:09:28

i actually commented before reading the blog you posted, should have done that first. it seems that a lot of the actual objections are more closely related to security and immutability, and not the argument i presented. i must have misunderstood or misremembered from when these discussions were happening way back

👍 2
phronmophobic17:09:27

> First, if a crate’s name can change, that’s bad for users. They have to go figure out the new name of the package if they want to update. It's not so bad. At some point, open source clojure libraries started migrating from short names to fully qualified reverse domain based names. There's a way to mark that the coordinate has changed that tooling can take advantage of which makes it easier for users. It's not perfect, but it's not so bad either. > Second, if an identity’s crate can change (a consequence of the previous point if identities are reusable), then you’ve introduced a security vulnerability. Moving to fully qualified, reverse domain based names was motivated, in part, by security considerations. If you follow the reverse domain name convention, clojars will verify that you in fact own(ed) the domain. Again, not perfect, but I think having namespaces actually helps improve security compared to a flat namespace model. I also think this section ignores the fact that organizations do change and even split. Ignoring the problem doesn't make it go away. > A core tenet of Rust is stability. The obvious definition is that things that compile yesterday should compile today (even with a new compiler). I don't understand the point the author makes in the Stability section. Either way, clojure projects manage to be very stable even though library names are namespaced.

👍 2