time VS libs-team

// To load RUST_LOG from .env file. dotenv().ok(); /* On Ubuntu 22.10, calling UtcOffset's offset methods causes IndeterminateOffset error!! See also https://github.com/time-rs/time/pull/297 ... */ // TO_DO: 11 is the current number of hours the Australian Eastern Standard Time (AEST) // is ahead of UTC. This value need to be worked out dynamically -- if it is at all // possible on Linux!! // let guard = init_app_logger(UtcOffset::from_hms(11, 0, 0).unwrap());

The problem is that this effects higher languages too, because they often build on libc. And on some OSes, they don't have a choice, because the system call interface is unstable and/or undocumented).

For example in rust, multiple time libraries were found to be unsound if `std::env::set_env` was ever called from a multi-threaded program. See:

https://github.com/time-rs/time/issues/293 and https://github.com/chronotope/chrono/issues/499

https://github.com/rust-lang/rust/issues/27970

https://github.com/rust-lang/rust/issues/90308

On that note, it would also be good to configure cargo-deny so that a CI pipeline and any maintainer can easily audit the current dependency versions. Sometimes CVEs require a new major semver (looking at you, time 0.1.x and thus chrono 0.4.x), so it's not enough to rely on people installing the tool with semver-compatible updates. Automatically auditing dependencies is really important, and given how easy cargo-deny makes it, I don't think many projects have any excuse not to configure it.

I've come to understand that correct support for leap seconds for time computations cannot be implemented in a reliable and globally consistent manner. Here is a GitHub discussion that touches on this.

Upgrade time to 0.3

I'm not fully aware of all the history but here's what I think happened: time 0.1 was originally a minimal wrapper around libc time functions, maintained by Alex Crichton. (I seem to remember it may have been part of the std library before 1.0, but I'm not sure about that part.) In August of 2016 it was declared to no longer be actively maintained, with the README stating bugs would still get fixed.

link to source code

In rust, both release and debug builds use a release version of the runtime. The bugs the debug version is meant to catch are much more difficult to hit in rust (often but not always requiring unsafe). There isn't currently a feature to use the debug runtime in rust-- you can only change C to match for those debug builds.

Note that this has been discussed at length (and I do mean "at length") here: https://github.com/rust-lang/libs-team/issues/72

The Compiler Team, especially the Diagnostics Working Group that improves compiler error messages. The Libs Team, for work on the contents of the standard library documentation

See https://github.com/rust-lang/libs-team/issues/72#issuecommen... for what I believe is an exhaustive list of possible ways of helping the situation.

The point is how the MSRV of a popular crate affects this dynamic for other crates. For an even more extreme example than time, see here for libc, with many heavyweights offering opinions: https://github.com/rust-lang/libs-team/issues/72

In case you haven't seen it yet, there is a very long discussion surrounding MSRV policy of the libc crate on rust-langs github repo. It's about a library, not a binary, but I think there's a lot of information in the thread, some of which will also apply to binaries.

Would you mind sharing your use case for being stuck with a particular version of Rust and why you can't upgrade? In particular with the libs team: https://github.com/rust-lang/libs-team/issues/72

Compare Stepanov's brilliant design of the STL to Rust's current reworking of their 'binary search api'. https://github.com/rust-lang/libs-team/issues/81

Maybe 'memory safety' isn't the most important thing in this world. To me, writing software that does useful things in the simplest and most correct way is what matters. I get the feeling it's harder to understand my program's correctness with Rust (I mean algorithmic correctness). The C++ standard library has time and space complexity for every algorithm. I'm not seeing that's the case with Rust (correct me if I'm wrong).

There's also the pretty fundamental libc crate that wants to choose an MSRV policy and you can see the full discussion here: https://github.com/rust-lang/libs-team/issues/72