As the co-maintainer/co-author of the
mongodb crate, I think I can provide a bit of insight, as I think that
mongodb is in a bit of a different situation from most other crates.
First, though, I think it’s important to note that both
chrono and and
mongodb are pre-1.0, meaning all the caveats about a lack of stability apply. I assume that
chrono is being audited as a part of the ongoing Rust libz blitz due to its wide usage in the ecosystem, so hopefully we’ll see fewer of these types of things in the future, but I think it’s important to be aware of the possibility of hiccups like this happening.
mongodb specifically, the issue arose out of the fact that the
mongodb crate is tightly coupled with the
bson crate, but two two crates have different owners. The reason for this is that the
bson crate predates the writing of the MongoDB driver, and we didn’t feel that there was a strong reason to write our own library rather than work with the author of the
bson crate. My co-author was given write access to the
bson repository, but does not have publish access for the crate. Because of this, he was able to update the dependency in
bson on Github, but we couldn’t fix the driver until the original author published a new version of
bson. I think can be solved by asking the original author of
bson to grant my co-author publish access for the
bson crate, but I’d understand if the author is reluctant to do so, and I’m not super fond of the idea of forking
bson at this point, as we’ve worked quite well with them since first contacting them.
Because of the somewhat unique circumstances surrounding
mongodb's relationship with
bson, I’m not convinced that there’s an underlying issue with the Cargo/crates.io ecosystem but more of a social kink in the way
mongodb are maintained, which we’ll need to think about going forward.
A quick note on the name of the repo for
mongo-rust-driver-prototype: this is more of a MongoDB thing than a Rust thing. My co-author and I originally wrote the driver when we interned at MongoDB, so although we both still maintain it, it’s still owned by MongoDB. Given that the driver was written by people who were working at MongoDB at the time, that I’m currently working at MongoDB full-time (on the C++ driver though, not the Rust driver), and that the driver is owned by MongoDB and hosted on a MongoDB-owned repository, we want to be perfectly clear that while the
mongodb crate supports MongoDB (the database), it is not officially supported by MongoDB (the company). Given that all the repositories of the drivers officially supported by MongoDB (the company) are named “mongo-[lang]-driver” (e.g. “mongo-cxx-driver”, “mongo-ruby-driver”), we just appended “prototype” to the name of the Rust driver repository to indicate that it is not a “MongoDB officially supported driver”. If at some point MongoDB (the company) decides to start officially supporting a Rust driver, the driver’s repository will be named “mongo-rust-driver”.
tl;dr pre-1.0 crates are by definition unstable, coordination between authors of multiple crates can take a couple of days, Cargo/crates.io wasn’t really the cause of the delay for the fix, and the version number of
mongodb is what indicates that it’s unstable, not the name of the repository
EDITED: Fixed a grammatical error, clarified part of the tl;dr, and added the word “not” to “I’m not super fond” because I accidentally said the opposite of what I meant