The real issue here is Rust's flat namespace. In Go, for example, there's no ffmpeg crate, there's github.com/someone/ffmpeg and gitlab.com/someone-else/ffmpeg, and so on. There's no blessed, unique 'ffmpeg' package, you can't squat names, and if the first package gets abandoned, you can fork it under a new path while keeping the 'ffmpeg' name. Only the import path changes.
How does having more namespaces address the other half of the issue, of having multiple incomplete ffmpeg crates and having to decide which one to use and to support?
Not entirely true. Rust (cargo) supports git-based crates and more crate sources than just crates.io (registry = "crates-io"), however crates on crates.io doesn't currently support dependencies with crates in other registries.
Now instead of having the 2nd and 3rd packages have ugly names all of them have ugly names!
There are advantages to systems like this such as trust (I can tell that you.example/pkg1 and you.example/pkg2 are owned by the same person) and decentralization. But I don't think it helps with the later packages having ugly names.
Go did exactly that, where Maven's 'Project group identifier' is an URL you control, e.g. github.com/<your-account> but also <your-website>/go-pkg or whatever you want. Other languages did this too. Flat namespaces are more of a Rust issue (among newer languages).
Java's package identifiers doesn't work at all, since organizations are far more transient than code (Like, even Sun doesn't exist anymore). And even if my organization still exists, one would think I should be able to hand over code to someone else, without them having to claim that they're me.
For extra bonus points, the Java directory structure being built around it is just silly, related code ends up far away in the directory tree, just because you went through a rebranding or a merger.
> Java's package identifiers doesn't work at all, since organizations are far more transient than code (Like, even Sun doesn't exist anymore).
Seems to be working for multiple decades without issues ?. If an organization is acquired (like Sun), they still have access to their namespace. It doesn't magically go away.
> For extra bonus points, the Java directory structure being built around it is just silly, related code ends up far away in the directory tree..
This is just your opinion. Many people like this systematic nature of directory hierarchy for segregation. Also, you do not require to follow this source language convention in case you don't like it. It is only required that the compiled class be in a nested directory structure for class-loader pickup
Ie You can still you put custom_src/foo/MyClass.java with package com.bingo.tringo;, it’ll still compile, and Maven will output: target/classes/com/bingo/tringo/MyClass.class
> Seems to be working for multiple decades without issues?
I noted a pretty damn big issue that invalidates the whole idea that the domain is a stable identifier. It's a big problem in practice, even if you're happy with keeping the old domains you may want to transfer code to someone else without giving them your domain. The solution is apparently to pretend that the problem doesn't exist. Which may be fine for Java but shouldn't be a trap that other languages need to repeat.
You can easily transfer code to someone else without giving them your domain. Nothing prevents another project from publishing your code into their published GAV. This is NOT Golang - the G in GAV is decoupled from the actual domain.
> The solution is apparently to pretend that the problem doesn't exist.
One reason in Julia for having an organization with multiple repositories is how unnecessary is in Julia to have big packages. It is better to have smaller more focused packages and combine them as necessary. Julia needs to improve some things but I don't think I have found a more modular language.
This is a short and well-articulated proposal about improving Rust crates (library) management, not what one would expect from the title. While the exact mechanism may not be the right one, I think this is a worthwhile discussion that ultimately adds more hierarchy to avoid multiple versions of half-baked crates and forks.
Microsoft solved this in COM. Your component gets a 128 bit class ID, and its interfaces also get 128 bit IDs. It's registered under that ID, and queried by that ID.
It doesn't matter what you call it, and what the files are called; two COM objects could both be FFMPEG.DLL or whatever (obviously not installed in the same directory).
When it comes to packages, users interact with the names and are used to writing names into their code when they specify dependencies, so it's not a complete no-brainer solution; but maybe some idea from that solution space could be worked into a package management system.
> But it’s sad that one person gets to gatekeep everyone else and say, “This is abandoned, I’ll keep the crate name so now you have to make a worse one or be creative.”
Wouldn't reusing the name of a package that is no longer maintained create chaos for programs that use the discontinued package.
Maybe it's not simply one-sided gatekeeping from the former managers of the package?
No, but it is equivalent of autoexec.bat like functionality. You can use it for many many things like viruses propagation, content control and even it is helpful for users ! ;)
It's just like giving external users self-modifing code access - asm, lisp, js - let's they upload it and we execute ;)
The real issue here is Rust's flat namespace. In Go, for example, there's no ffmpeg crate, there's github.com/someone/ffmpeg and gitlab.com/someone-else/ffmpeg, and so on. There's no blessed, unique 'ffmpeg' package, you can't squat names, and if the first package gets abandoned, you can fork it under a new path while keeping the 'ffmpeg' name. Only the import path changes.
How does having more namespaces address the other half of the issue, of having multiple incomplete ffmpeg crates and having to decide which one to use and to support?
In a hierarchical namespace, two different flavors of ffmpeg would fall into the same branch of the hierarchy.
It would be confusing and counterproductive to introduce, say multimedia_libs/ffmpeg because codec_libs/ffmpeg was discontinued.
A level of hierarchy does when projects in genuinely unrelated categories share a package name.
Not entirely true. Rust (cargo) supports git-based crates and more crate sources than just crates.io (registry = "crates-io"), however crates on crates.io doesn't currently support dependencies with crates in other registries.
It also supports source replacement downstream:https://doc.rust-lang.org/cargo/reference/source-replacement...
crates.io could be updated to support alternative registries.
Now instead of having the 2nd and 3rd packages have ugly names all of them have ugly names!
There are advantages to systems like this such as trust (I can tell that you.example/pkg1 and you.example/pkg2 are owned by the same person) and decentralization. But I don't think it helps with the later packages having ugly names.
If only newer languages had followed the old-fashioned Java Maven way of having the triple: groupId, artifactId and classifier's for libraries.
https://maven.apache.org/guides/mini/guide-naming-convention...
These problems simply wouldn't exist.
Go did exactly that, where Maven's 'Project group identifier' is an URL you control, e.g. github.com/<your-account> but also <your-website>/go-pkg or whatever you want. Other languages did this too. Flat namespaces are more of a Rust issue (among newer languages).
Yeah, on the spot.
Java and .NET have a couple of good ideas even if they aren't fashionable any longer.
Java's package identifiers doesn't work at all, since organizations are far more transient than code (Like, even Sun doesn't exist anymore). And even if my organization still exists, one would think I should be able to hand over code to someone else, without them having to claim that they're me.
For extra bonus points, the Java directory structure being built around it is just silly, related code ends up far away in the directory tree, just because you went through a rebranding or a merger.
> Java's package identifiers doesn't work at all, since organizations are far more transient than code (Like, even Sun doesn't exist anymore).
Seems to be working for multiple decades without issues ?. If an organization is acquired (like Sun), they still have access to their namespace. It doesn't magically go away.
> For extra bonus points, the Java directory structure being built around it is just silly, related code ends up far away in the directory tree..
This is just your opinion. Many people like this systematic nature of directory hierarchy for segregation. Also, you do not require to follow this source language convention in case you don't like it. It is only required that the compiled class be in a nested directory structure for class-loader pickup
Ie You can still you put custom_src/foo/MyClass.java with package com.bingo.tringo;, it’ll still compile, and Maven will output: target/classes/com/bingo/tringo/MyClass.class
> Seems to be working for multiple decades without issues?
I noted a pretty damn big issue that invalidates the whole idea that the domain is a stable identifier. It's a big problem in practice, even if you're happy with keeping the old domains you may want to transfer code to someone else without giving them your domain. The solution is apparently to pretend that the problem doesn't exist. Which may be fine for Java but shouldn't be a trap that other languages need to repeat.
To me it looks like there is an obvious solution: a package should be able to issue an update to change its name.
Something like
- maintainers of package com.foo.pkg want to transfer it to com.bar.pgk
- com.bar creates their own pgk clone and marks it as a successor to com.foo.pkg (with a specific version)
- com.foo.pkg pushes an update with that specific version marked as superseded by com.bar.pgk
- package managers warn users at update time that a change in namespace happened and ask for consent
This could be extended to multiple forks to let the user choose
I feel it would work fine
You can easily transfer code to someone else without giving them your domain. Nothing prevents another project from publishing your code into their published GAV. This is NOT Golang - the G in GAV is decoupled from the actual domain.
> The solution is apparently to pretend that the problem doesn't exist.
No, the problem really doesn't exist.
One reason in Julia for having an organization with multiple repositories is how unnecessary is in Julia to have big packages. It is better to have smaller more focused packages and combine them as necessary. Julia needs to improve some things but I don't think I have found a more modular language.
This is a short and well-articulated proposal about improving Rust crates (library) management, not what one would expect from the title. While the exact mechanism may not be the right one, I think this is a worthwhile discussion that ultimately adds more hierarchy to avoid multiple versions of half-baked crates and forks.
Common Lisp has https://github.com/sharplispers for exactly this reason.
Microsoft solved this in COM. Your component gets a 128 bit class ID, and its interfaces also get 128 bit IDs. It's registered under that ID, and queried by that ID.
It doesn't matter what you call it, and what the files are called; two COM objects could both be FFMPEG.DLL or whatever (obviously not installed in the same directory).
When it comes to packages, users interact with the names and are used to writing names into their code when they specify dependencies, so it's not a complete no-brainer solution; but maybe some idea from that solution space could be worked into a package management system.
> But it’s sad that one person gets to gatekeep everyone else and say, “This is abandoned, I’ll keep the crate name so now you have to make a worse one or be creative.”
Wouldn't reusing the name of a package that is no longer maintained create chaos for programs that use the discontinued package.
Maybe it's not simply one-sided gatekeeping from the former managers of the package?
Totally random, but your blog theme has similar vibes to mine https://jason.today + serif font
Standardizing on one external code hosting solution (GitHub) instead of a community managed one is not a solution.
No, but it is equivalent of autoexec.bat like functionality. You can use it for many many things like viruses propagation, content control and even it is helpful for users ! ;)
It's just like giving external users self-modifing code access - asm, lisp, js - let's they upload it and we execute ;)
#DONOTSENDCODE Manifesto, where ?