Dependency on rust removes support for a number of platforms

It&#x27;s unfortunate that some platforms got dropped, but OTOH all these platforms seem to be 30 years old, niche, and discontinued by their original manufacturers.<p>If someone has antique computer that still works, that&#x27;s great, but they shouldn&#x27;t expect to have the <i>latest</i> software for it.

If you are using open source packages in a corporate setting you really should be a) pinning versions b) maintaining secure, internal mirrors instead of always pulling from Github etc. That would prevent breaking your builds without being intentional about it, regardless of what changes upstream introduces.

There is a lot of &quot;right side of history&quot; &#x2F; &quot;get with the program&quot; smugness coming from the Rust camp, this bug report and other discussions. Claims of improved security are used as an ultimate, unbeatable-by-definition, trump card.<p>This might prove right eventually - or might very well end up just like Java, for which similar claims were made. The smugness around Java was moderated a bit by the more corportey image of it, but the gist was quite similar nonetheless. Let&#x27;s just say openly: the smugness is using up a lot of natural goodwill, and generating its own pushback. As there&#x27;s no widely acknowledged &quot;equal competitor&quot; to Rust (why?), something feels &quot;off&quot; about the whole situation.

pyca&#x2F;cryptography replaced C code with Rust code without bumping the major semver. This broke people&#x27;s CI because it removed support for certain platforms which Rust barely supports or doesn&#x27;t support at all. People are arguing over this change in the github comments, but the problem from my perspective is just with semver. The maintainers didn&#x27;t do semver right.<p>Edit: the maintainers didn&#x27;t do semver right because the maintainers didn&#x27;t do semver

One of the perfect example of many toxic comment of entitled users...

I’m not discounting the pains that some people are going through because of this change, but this response [1] in the issue says<p><i>&gt; The new Rust code adds exactly 0 (zero) runtime packages to Cryptography. Rust, Cargo, pyo3, its dependencies, and setuptools_rust are build-time dependencies only.</i><p>Aren’t there tools available to build this on a supported platform and integrate the binaries in the systems in use? It is a bit convoluted, but seems like a solution at least for some (?) cases <i>at additional cost</i>.<p>[1]: <a href="https:&#x2F;&#x2F;github.com&#x2F;pyca&#x2F;cryptography&#x2F;issues&#x2F;5771#issuecomment-775028182" rel="nofollow">https:&#x2F;&#x2F;github.com&#x2F;pyca&#x2F;cryptography&#x2F;issues&#x2F;5771#issuecommen...</a>

Why don&#x27;t they pin their dependency version? Or is that hard to do with transitive dependencies in Python? (I&#x27;m not familiar with Python)