(name . bug-guix)(address . bug-guix@gnu.org)
d98e6721-7fcc-8b13-db36-13c66ee08397@telenet.be
X-Debbugs-CC: Aleksandr Vityazev <avityazev@posteo.org>
X-Debbugs-CC: Nicolas Goaziou <mail@nicolasgoaziou.fr>
(^ the pseudo-header, IIUC)
The patch series 53315 by Aleksandr Vityazev and accepted by Nicolas
Goaziou adds a crate rust-sqlite3-src that bundles sqlite3.
Bundling is against Guix policy for the reasons explained in the manual
I ask to:
(a) Remove the bundled copy (and if needed, adjust build.rs to always
do the pkg-config)
or
(b) Remove rust-sqlite3-src and dependents.
Additionally, for the future, I ask to check packages for bundling, and
recommend the following tricks for detecting bundling:
* if a crate name ends with -sys, there is a good chance it bundles
things
* likewise, if the synopsis or description mentions 'Bindings',
there's a good chance it bundles things.
* if a crate name contains some variation of the word 'source'
(e.g., -src), that can indicate bundling.
* if the Cargo.toml mentions 'bundled', 'system' or 'vendor' its
[features], it is bundling things.
* if the source code of a Rust package contains a .c or .h file,
it's likely bundling things
I would like to note that the bundled copy (version 3.34.1) has known
bugs that were fixed in later versions (including a CVE), according to
the changelog on the sqlite website.
Greetings,
Maxime