Dependency on rust removes support for a number of platforms

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com
Python Cryptography Environment Management fuzz-testing Fuzzing

WorkOS
Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
Our great sponsors

  • cryptography

    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

    • I’m not discounting the pains that some people are going through because of this change, but this response [1] in the issue says

    > The new Rust code adds exactly 0 (zero) runtime packages to Cryptography. Rust, Cargo, pyo3, its dependencies, and setuptools_rust are build-time dependencies only.

    Aren’t there tools available to build this on a supported platform and integrate the binaries in the systems in use? It is a bit convoluted, but seems like a solution at least for some (?) cases at additional cost.

    [1]: https://github.com/pyca/cryptography/issues/5771#issuecommen...

  • Poetry

    Python packaging and dependency management made easy

    • There is no standard in the Python community for versioning. From this, a lot of projects just never constrained their versions while a lot of other projects assume semver when specifying their version constraints, both wrong.

    Then there is the problem of there not being a standard dependency management system. Your `setup.py` can specify version constraints. You either over-constrain in there or have to add a whole separate process for locking your constraint.

    - You could use `pip-compile` to get a platform-specific set of constraints, requiring you to run this for every platform and python version you support. At least, since you duplicate `setup.py` into a `requirements.in`, you can override transitive dependencies.

    - You could use `pipenv` and just capture what you happened to install, from constraints or directly, from a specific machine

    - You could use Poetry which solves most of these problems except they've put their heads in the sand regarding how bad versioning is within the Python ecosystem and refuse to support overriding transitive dependencies despite being modeled off of Rust's Cargo which does support it despite the Rust ecosystem being good with versioning [1]

    [1] https://github.com/python-poetry/poetry/issues/697

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

    WorkOS logo

  • trophy-case

    🏆 Collection of bugs uncovered by fuzzing Rust code

    • To add data on the Rust side:

    https://github.com/rust-fuzz/trophy-case

    there are a few Rust ASN implementations. They've been caught running out of memory and having arithmetic overflows, but no segfaults or use-after-frees. Rust doesn't prevent all problems, but things that slip through tend to be less severe.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts