WEBVTT 00:00.000 --> 00:06.000 Hello, good morning. 00:06.000 --> 00:08.000 Thanks everyone for joining us. 00:08.000 --> 00:10.000 So my name is Micheal Olazharas, 00:10.000 --> 00:12.000 and I'm a customer success executive at Ratat. 00:12.000 --> 00:14.000 So I'm not on the engineering part, 00:14.000 --> 00:16.000 but I contribute to Fedora during my lead 00:16.000 --> 00:18.000 Hawaii of all free time, 00:18.000 --> 00:19.000 not with me. 00:19.000 --> 00:21.000 I will tell you maybe. 00:21.000 --> 00:22.000 I think I would have might, 00:22.000 --> 00:23.000 but I can speak louder. 00:23.000 --> 00:25.000 So I'm Daniel. 00:25.000 --> 00:26.000 I'm working on a password. 00:26.000 --> 00:28.000 I had a sister so right here. 00:28.000 --> 00:31.000 I'm trying to contribute to Fedora M. 00:31.000 --> 00:33.000 and Rust and EBPF mostly. 00:33.000 --> 00:35.000 Okay, so today's talk is about Rust. 00:35.000 --> 00:38.000 There are PMs and the final out of dependency building. 00:38.000 --> 00:41.000 So let's see how this started. 00:41.000 --> 00:43.000 Daniel was working on a project, 00:43.000 --> 00:44.000 I just called BPSman, 00:44.000 --> 00:47.000 which is an EBPF manaya for Linux and Kubernetes. 00:47.000 --> 00:51.000 That is part of the CNC, since June last year. 00:51.000 --> 00:53.000 And as part of his job last year, 00:53.000 --> 00:56.000 there was decision that was done in, 00:57.000 --> 01:00.000 during first them as the introduction of BPSman. 01:00.000 --> 01:03.000 But there was another job that was being working parallel. 01:03.000 --> 01:08.000 That was to integrate BPSman into Fedora as a default EBPF manaya. 01:08.000 --> 01:10.000 So we were discussing about this. 01:10.000 --> 01:13.000 So I started to help to provide the, 01:13.000 --> 01:16.000 my little knowledge of how to package staff for Fedora. 01:16.000 --> 01:20.000 So we started some discussion on how this should be done. 01:20.000 --> 01:23.000 So let's see how we started packaging the BPSman. 01:23.000 --> 01:26.000 BPSman, BPSman, it's a main components are written in Rust. 01:26.000 --> 01:29.000 It's right now available in Fedora 42, 01:29.000 --> 01:32.000 but we started working Fedora 40. 01:32.000 --> 01:37.000 It took two releases because well dependency health as we call it. 01:37.000 --> 01:42.000 And mainly it's all the aspects written by Rust to RPM 01:42.000 --> 01:45.000 that we will show, discuss a little bit about it now. 01:45.000 --> 01:49.000 So what Rust's packaging guidelines says that all the package 01:49.000 --> 01:52.000 should not use being bundle trades. 01:52.000 --> 01:54.000 So that means that every single dependency, 01:54.000 --> 01:57.000 every single trace should be part of the distribution by, 01:57.000 --> 02:01.000 before building the final, the final interest in part. 02:01.000 --> 02:04.000 And the same thing with Fedora packaging guidelines. 02:04.000 --> 02:09.000 Every package should make effort to avoid having multiple separate upstream projects 02:09.000 --> 02:11.000 bundled to get in a single package. 02:11.000 --> 02:14.000 So taking that into mind, 02:14.000 --> 02:17.000 the main way to package Rust things, 02:17.000 --> 02:19.000 to Fedora is using Rust to RPM. 02:19.000 --> 02:22.000 Rust to RPM is a tool written by the Rust Sieg, 02:22.000 --> 02:24.000 special interest group. 02:24.000 --> 02:27.000 And it's designed and it's been used to create 02:27.000 --> 02:31.000 some templating like, that's multiple checks before creating the template. 02:31.000 --> 02:34.000 That would be the later used to build the package. 02:34.000 --> 02:37.000 This kind of tools are great because it provides like the best practices 02:37.000 --> 02:39.000 on the created spec. 02:39.000 --> 02:43.000 There's another one for go to RPM and all the kind of languages. 02:43.000 --> 02:46.000 And it helps to have like a standardized way of doing things 02:46.000 --> 02:47.000 which is always helpful. 02:47.000 --> 02:50.000 The tool is written in Python. 02:50.000 --> 02:54.000 So there are a few commands that are missing here. 02:54.000 --> 02:57.000 But it would be something like this Rust to RPM, 02:57.000 --> 02:59.000 the project you want to package, 02:59.000 --> 03:02.000 download the sources and try to build it. 03:02.000 --> 03:03.000 So in the case of PPFMA, 03:03.000 --> 03:08.000 we can see that it was just already alert in the 14 different 03:08.000 --> 03:12.000 components we're missing to be able to build PPFMA or PPFMA. 03:12.000 --> 03:13.000 Sorry. 03:13.000 --> 03:15.000 So let's, for example, start with the first one. 03:15.000 --> 03:16.000 It was IAR. 03:16.000 --> 03:21.000 You try to be LIA with the same commands and you see that IAR is missing IAR object. 03:21.000 --> 03:25.000 So you try to be LIA object to have IAR to have BPFMA. 03:25.000 --> 03:29.000 And you see that IAR object is missing in the BPF. 03:29.000 --> 03:34.000 And you go with the BPF to have IAR object to have IAR to have BPFman. 03:34.000 --> 03:36.000 And you see that you are missing JSON. 03:36.000 --> 03:40.000 And then you try to build JSON and you see that JSON is already available in federal 03:41.000 --> 03:42.000 but it's not a release you want. 03:42.000 --> 03:45.000 So you need to check the sources and see what you can do here. 03:45.000 --> 03:48.000 Like update the package or just patch it or whatever. 03:48.000 --> 03:52.000 And we can keep with other components like OECB distribution. 03:52.000 --> 03:54.000 You see that it's missing for packages. 03:54.000 --> 03:58.000 And we will start with like OCI and checking what's is missing. 03:58.000 --> 03:59.000 And so on and so on. 03:59.000 --> 04:01.000 And you find 6 star. 04:01.000 --> 04:04.000 And it's missing 22 dependencies. 04:04.000 --> 04:08.000 And well, I guess you see the trend, what's the trend here. 04:08.000 --> 04:10.000 And what's the main problem to package. 04:10.000 --> 04:13.000 Something complex as BPFman. 04:13.000 --> 04:16.000 So during our initial investigations, 04:16.000 --> 04:19.000 we found that the word like several different stacks that were missing. 04:19.000 --> 04:21.000 Including no shady distribution, 04:21.000 --> 04:23.000 sick store, tonic or system digital. 04:23.000 --> 04:26.000 But the word like other dependencies that were two new. 04:26.000 --> 04:27.000 For Fedora. 04:27.000 --> 04:30.000 So that means that we had to update the ones that were in Fedora. 04:30.000 --> 04:34.000 Maybe in some occasions could be like creating compact packages. 04:34.000 --> 04:37.000 Or patching other packages to be able to use the new dependencies. 04:38.000 --> 04:40.000 Another word like tool. 04:40.000 --> 04:44.000 BPFman were using dependencies that were tool for Fedora. 04:44.000 --> 04:51.000 So that required BPFman to to update the code or in the dependencies. 04:51.000 --> 04:54.000 The thing is that. 04:54.000 --> 04:57.000 Based on in our so-called investigation, 04:57.000 --> 05:02.000 we saw that more than 200 new packages were required to include BPFman as part of Fedora. 05:02.000 --> 05:06.000 And that's quite complex thing to do just for one package. 05:06.000 --> 05:10.000 So that's when we started to discuss why not build everything 05:10.000 --> 05:14.000 and to make Danny's life a little bit easier. 05:14.000 --> 05:17.000 Now, Danny will tell you what the steps to do so. 05:17.000 --> 05:18.000 Let's do that. 05:18.000 --> 05:20.000 Let's see if it works. 05:20.000 --> 05:21.000 Don't go too far away. 05:21.000 --> 05:22.000 Okay, this is here. 05:28.000 --> 05:29.000 Can you talk to me well? 05:29.000 --> 05:30.000 It's okay. 05:30.000 --> 05:31.000 Awesome. 05:31.000 --> 05:33.000 So let's make all the same. 05:33.000 --> 05:36.000 So far, like the current status. 05:36.000 --> 05:37.000 Well, it wasn't great. 05:37.000 --> 05:39.000 So I originally intended to go. 05:39.000 --> 05:41.000 Every dependency. 05:41.000 --> 05:44.000 But it was a pain because in the end as you say, 05:44.000 --> 05:46.000 there was more than 200. 05:46.000 --> 05:48.000 So I guess that even at the very end, 05:48.000 --> 05:52.000 it was 500, especially because there were two main, 05:52.000 --> 05:54.000 let's say, 05:54.000 --> 05:55.000 worse offenders. 05:55.000 --> 05:57.000 We were basically A. 05:57.000 --> 06:00.000 It has a lot of BPFstar in the hood. 06:00.000 --> 06:01.000 And of course, 6 store. 06:01.000 --> 06:06.000 We saw the missing cryptographic SSLs and so forth. 06:06.000 --> 06:09.000 So we were wondering about, like, 06:09.000 --> 06:14.000 okay, what if we bend or bendering comes also with a lot of responsibility? 06:14.000 --> 06:15.000 Which is okay. 06:15.000 --> 06:19.000 We can also use Rust to RPM to the bendering. 06:19.000 --> 06:21.000 So it offers you a dashboard option. 06:21.000 --> 06:23.000 And then you can just handle it all. 06:23.000 --> 06:25.000 But well, theoretically. 06:25.000 --> 06:29.000 Because there's an option in Rust to RPM. 06:29.000 --> 06:31.000 Which is super cool. 06:31.000 --> 06:33.000 It allows you to do patching from the cargo. 06:33.000 --> 06:35.000 Toma let you go out for your own spec. 06:35.000 --> 06:37.000 And that's great. 06:37.000 --> 06:40.000 But that really doesn't work when you do bendering. 06:40.000 --> 06:44.000 Because it's basically just only affecting the cargo. 06:44.000 --> 06:45.000 Toma on your own. 06:45.000 --> 06:47.000 So in this example here. 06:47.000 --> 06:49.000 And I'm going to do this big enough. 06:49.000 --> 06:51.000 If not, I can make it bigger. 06:51.000 --> 06:52.000 But anyway. 06:52.000 --> 06:55.000 So let me get you an example. 06:55.000 --> 06:57.000 One of the biggest offenders was, 06:58.000 --> 07:00.000 even by legal issues, 07:00.000 --> 07:03.000 I create a graphic dependency that we can't really use. 07:03.000 --> 07:06.000 It's B4-3 for a elliptic curve. 07:06.000 --> 07:08.000 That's fabulous for sure. 07:08.000 --> 07:09.000 Kindly told us. 07:09.000 --> 07:12.000 And well, we had a quite a discussion with that. 07:12.000 --> 07:14.000 So I was wondering, 07:14.000 --> 07:17.000 okay, how do I handle this kind of situation? 07:17.000 --> 07:20.000 Do it on, and then the solutions were, 07:20.000 --> 07:21.000 yes, create a straight. 07:21.000 --> 07:22.000 Do it by hand. 07:22.000 --> 07:25.000 I wouldn't do things by hand just to let you see. 07:25.000 --> 07:27.000 Or just give it a try. 07:27.000 --> 07:28.000 See how it works. 07:28.000 --> 07:29.000 It's really just work. 07:29.000 --> 07:33.000 So after give it a try. 07:33.000 --> 07:35.000 So first, and before I handle it, 07:35.000 --> 07:37.000 you said, okay, I'll just make some buzzescript 07:37.000 --> 07:39.000 that gets called on the prep site. 07:39.000 --> 07:40.000 And we'll do that. 07:40.000 --> 07:42.000 What happened for me? 07:42.000 --> 07:43.000 I, okay. 07:43.000 --> 07:46.000 I wasn't really that noticeable at cargo. 07:46.000 --> 07:50.000 So cargo has a checksum that handles in the bendering. 07:50.000 --> 07:54.000 And it doesn't provide you with tools to re-run it again. 07:54.000 --> 07:58.000 So what happened was that you had these checksum 07:58.000 --> 08:00.000 for this specific cryptography, 08:00.000 --> 08:01.000 looks on the liquid crypto. 08:01.000 --> 08:03.000 It can just take it out later. 08:03.000 --> 08:06.000 And then you said, hey, I'm not fine with you. 08:06.000 --> 08:09.000 You modified this and it's, I'm not happy with that. 08:09.000 --> 08:12.000 So I started to take how different packets 08:12.000 --> 08:14.000 is where hell in this. 08:14.000 --> 08:16.000 Oh, this is probably the way. 08:16.000 --> 08:18.000 So the other packets are handling this, 08:18.000 --> 08:19.000 and I'll show you later on a little things. 08:19.000 --> 08:23.000 So even the pure rust packets in, in Fedora. 08:23.000 --> 08:26.000 It has a knackley hack about all, yes, 08:26.000 --> 08:31.000 delete all these checksum in, in our spec. 08:31.000 --> 08:34.000 Even worse, it's not like, yeah, it used to read those. 08:34.000 --> 08:36.000 It's that you need to do some ugly replacement 08:36.000 --> 08:39.000 and put empty JSON in every file. 08:39.000 --> 08:42.000 So I started speaking with the guys from the Rusty group, 08:42.000 --> 08:45.000 mainly Fabio, Nelson Michel Lind. 08:45.000 --> 08:49.000 And we decided to have a meeting a few days prior to the frozen here, 08:49.000 --> 08:51.000 which one of the outcomes was, hey, 08:51.000 --> 08:54.000 this is not good enough. 08:54.000 --> 08:56.000 Let's try to create something new. 08:56.000 --> 08:59.000 So we somehow were thinking about, like, 08:59.000 --> 09:02.000 I'm happy to collaborate with everybody who's interested in this. 09:02.000 --> 09:06.000 Having a new tool called RustorpM-Bendor, 09:06.000 --> 09:09.000 that's still in the works in the terms of naming. 09:09.000 --> 09:12.000 But the idea of the asset that this is going to be leaving 09:12.000 --> 09:15.000 on the RustorpM helper repo, which is in Rust, 09:15.000 --> 09:17.000 and it's going to be having just a call 09:17.000 --> 09:20.000 from basically the Python entry point from the main RustorpM. 09:21.000 --> 09:24.000 The idea for that is that we'll be able to do this kind of patching, 09:24.000 --> 09:27.000 not only for, you know, like, cargo the terminal in the spec file, 09:27.000 --> 09:30.000 but also for the Bendering, if simple. 09:30.000 --> 09:37.000 The main idea is just for this to be following one super simple Rust structure, 09:37.000 --> 09:40.000 so basically leave main.rs or something like that. 09:40.000 --> 09:44.000 I guess we shouldn't go on, you know, more complex use cases 09:44.000 --> 09:47.000 because then we will be starting having edge cases, 09:47.000 --> 09:49.000 and it's going to be very falling for us. 09:49.000 --> 09:51.000 And note, and this is really important, 09:51.000 --> 09:55.000 that we are not encouraging people to use Bendering for everything. 09:55.000 --> 09:57.000 This is going to be easier. 09:57.000 --> 10:00.000 What we Bender also comes quite a responsibility, 10:00.000 --> 10:02.000 because for instance, let's say a Dupendor, 10:02.000 --> 10:04.000 let's all migrate over for dependencies. 10:04.000 --> 10:08.000 There's an issue with those, like a security issue. 10:08.000 --> 10:12.000 The secret would be able to automatically handle that all, 10:12.000 --> 10:14.000 and also this is not go. 10:14.000 --> 10:17.000 So we can, just magically, you know, patch that they go more than him, 10:17.000 --> 10:19.000 substitute data, and that's it. 10:19.000 --> 10:20.000 As far as I know. 10:20.000 --> 10:25.000 So in the end, it's going to be depending on every maintainer responsibility, 10:25.000 --> 10:27.000 and what would happen if we don't have no. 10:27.000 --> 10:31.000 So far, we got four or five big offenders, if I remember correctly. 10:31.000 --> 10:35.000 Then sadly, one of the biggest offenders is BPM, BPM, BPM itself. 10:35.000 --> 10:38.000 And the second one is, like, the matrix client, that fractal. 10:38.000 --> 10:39.000 If I remember correctly. 10:39.000 --> 10:43.000 We got a few more, but it's not like we are encouraging people to do that. 10:43.000 --> 10:46.000 This is something like, is that it's here. 10:46.000 --> 10:49.000 You may use it, but please speak with us beforehand. 10:49.000 --> 10:52.000 So, then also, yeah. 10:52.000 --> 10:56.000 So this is when you, we are using, like, a Rastorpian dashp, 10:56.000 --> 10:57.000 this opens. 10:57.000 --> 11:00.000 This is just your, you saw a cardinal tomapile. 11:00.000 --> 11:04.000 So, for instance, you know, you may want to try what happens 11:04.000 --> 11:07.000 if we just remove this dependency, and if it goes south, for example. 11:07.000 --> 11:09.000 It creates a patch for you, and you'll be following, 11:09.000 --> 11:12.000 you'll be able to use that in your aspect. 11:13.000 --> 11:17.000 Okay, so let me also see this for you. 11:17.000 --> 11:20.000 Sorry, yeah, here. 11:20.000 --> 11:22.000 So, some examples for you. 11:22.000 --> 11:24.000 Is this big enough? They make bigger? 11:24.000 --> 11:25.000 Cool. 11:25.000 --> 11:28.000 How about now? 11:28.000 --> 11:31.000 Okay, thank you. 11:31.000 --> 11:33.000 So, this is an example. 11:33.000 --> 11:36.000 This is BPM itself, but you can see that we are doing here, 11:36.000 --> 11:40.000 and not really hack, to basically go and remove the text on. 11:40.000 --> 11:43.000 I don't think this is acceptable, and even the RastPack 11:43.000 --> 11:47.000 as itself does it this way in, in Fedora, and I've seen a lot of those. 11:47.000 --> 11:50.000 There's also another thing, I guess, we should also give you the try, 11:50.000 --> 11:52.000 which is this number one. 11:52.000 --> 11:56.000 And that's also that we spoke in this week's made in, 11:56.000 --> 12:00.000 that when you're using Rastorses, it may, every now and then, 12:00.000 --> 12:03.000 get confused by a shibank, and the macro would say boom. 12:03.000 --> 12:05.000 So, this is not all the other thing. 12:05.000 --> 12:09.000 There's a couple of things, also, there may be some more dependencies, 12:09.000 --> 12:15.000 so for instance, Ring is also, okay, so I've seen that there's a lot 12:15.000 --> 12:18.000 of package maintenance here, more for Fedora, others, 12:18.000 --> 12:21.000 but I just wondering, because when I started doing this, 12:21.000 --> 12:25.000 I noticed that I had to go and modify a lot of licenses here 12:25.000 --> 12:27.000 in some random packages. 12:27.000 --> 12:29.000 So, how many of you have had to open a pull request 12:29.000 --> 12:31.000 to every repo, just to add any license, 12:31.000 --> 12:34.000 because otherwise you wouldn't be able to get into a repo, I guess, a lot of data. 12:34.000 --> 12:36.000 Please raise your hands. 12:36.000 --> 12:37.000 Thank you. 12:38.000 --> 12:41.000 In this case, this is for Ring. 12:41.000 --> 12:44.000 The guy didn't reply to me at all, ever. 12:44.000 --> 12:47.000 So, I had to go and do this early hack as well. 12:47.000 --> 12:53.000 But getting even to the Rast itself, this is Rast in Fedora. 12:53.000 --> 12:56.000 And, again, this is what you probably, no? 12:56.000 --> 12:58.000 Okay, anyway, whoever. 12:58.000 --> 13:02.000 So, see the trends? 13:02.000 --> 13:04.000 Okay, awesome. 13:04.000 --> 13:07.000 So, let's peel back. 13:16.000 --> 13:18.000 In the end, after all these, 13:18.000 --> 13:20.000 I could finally go to have BPM on. 13:20.000 --> 13:23.000 It's meant to be in Fedora 42. 13:23.000 --> 13:25.000 It took a couple of months, sadly, 13:25.000 --> 13:27.000 but I learned a lot into the process. 13:27.000 --> 13:30.000 And I hope that we are going to be able to make the Rast Packaging 13:30.000 --> 13:32.000 better in the future for Fedora, 13:32.000 --> 13:34.000 which is a good thing. 13:34.000 --> 13:36.000 At the same time, we are getting more contributors, 13:36.000 --> 13:40.000 which is awesome, even in the north here. 13:40.000 --> 13:43.000 So, this is basically recapping a little bit, 13:43.000 --> 13:46.000 the idea that we had at the Rast, 13:46.000 --> 13:47.000 which is okay. 13:47.000 --> 13:49.000 Let's identify vendor dependencies. 13:49.000 --> 13:50.000 Apply the patches. 13:50.000 --> 13:51.000 Well, not really patched. 13:51.000 --> 13:53.000 That's what we find the vendor in dependencies. 13:53.000 --> 13:57.000 Using Rast to RPM vendor or whatever name it has in the end. 13:57.000 --> 14:00.000 And, we package now to make with Rast to RPM 14:00.000 --> 14:04.000 and push it to the repo. 14:04.000 --> 14:06.000 Recapping again. 14:06.000 --> 14:09.000 There are a few things that we identified in this meeting, 14:09.000 --> 14:12.000 so we are totally happy to get collaboration done. 14:12.000 --> 14:13.000 This is the first one. 14:13.000 --> 14:14.000 This is me. 14:14.000 --> 14:16.000 Not sure if you can see that big enough. 14:16.000 --> 14:20.000 But anyway, I'm going to be trying to put that into this separate repo. 14:20.000 --> 14:22.000 But I'm totally happy to get collaborations. 14:22.000 --> 14:26.000 And in fact, one of the important things I want to mention 14:26.000 --> 14:29.000 is that so far, most of the packages are also being commented 14:29.000 --> 14:30.000 by the Rastseek. 14:30.000 --> 14:31.000 So thank you for that guys. 14:31.000 --> 14:33.000 But this is visiting one. 14:33.000 --> 14:35.000 It will be commented by the EPPF's group, 14:35.000 --> 14:37.000 which is basically three people. 14:37.000 --> 14:39.000 So please help us. 14:41.000 --> 14:43.000 So I also wanted to highlight this. 14:43.000 --> 14:47.000 This came also as a part of the new established EPPF's group, 14:47.000 --> 14:49.000 which I also spoke about yesterday. 14:49.000 --> 14:52.000 So if you are interested in to EPPF Rast, 14:52.000 --> 14:53.000 AIA or any kind of rate, 14:53.000 --> 14:56.000 the project, please don't hesitate to write to us. 14:56.000 --> 14:58.000 Next. 14:59.000 --> 15:03.000 This is basically for people who couldn't come here. 15:03.000 --> 15:05.000 But please, please, 15:05.000 --> 15:09.000 try not to use Mandarin in Rast in Fedora. 15:09.000 --> 15:10.000 But if you need to, 15:10.000 --> 15:13.000 oh, let's get your life easier, which is the new tool. 15:15.000 --> 15:16.000 Okay. 15:17.000 --> 15:18.000 Questions of R. 15:23.000 --> 15:25.000 You don't have to go away nor is. 15:29.000 --> 15:32.000 You might get in the mic? 15:32.000 --> 15:33.000 Yeah. 15:34.000 --> 15:37.000 We have similar issue with Goseg. 15:37.000 --> 15:41.000 Do you think it could be a prior to Goseg? 15:42.000 --> 15:43.000 Yeah, go ahead. 15:43.000 --> 15:45.000 Yes, can you just, when is your, 15:45.000 --> 15:46.000 they have mic? 15:48.000 --> 15:51.000 He was saying that the Goseg also had a similar issue. 15:51.000 --> 15:52.000 I have no body things. 15:52.000 --> 15:55.000 It would be a good idea to have something to add to the Goseg. 15:56.000 --> 15:59.000 So the reason I'm going discussion at the moment, 15:59.000 --> 16:01.000 I think that there is a big difference 16:01.000 --> 16:05.000 on how Rast is packaged on upstream against 16:05.000 --> 16:07.000 compared to how Goseg is done, 16:07.000 --> 16:08.000 like I guess, 16:08.000 --> 16:12.000 like Carbo is doing checks and things like that, 16:12.000 --> 16:14.000 that go directly ignore. 16:15.000 --> 16:18.000 With Goseg, it's quite easy to fork and do, 16:18.000 --> 16:22.000 like whatever you want to do with so many dependencies. 16:22.000 --> 16:26.000 But it's true that the go and Rast have both that kind of dependency. 16:26.000 --> 16:29.000 I feel still that Gose way worse. 16:29.000 --> 16:31.000 So yeah, there is an ongoing discussion, 16:31.000 --> 16:33.000 and it should be a proposal for Fedora, 16:33.000 --> 16:36.000 43 to start moving, 16:36.000 --> 16:38.000 go packages to vendor, 16:38.000 --> 16:40.000 to be vendor ones. 16:41.000 --> 16:43.000 We did a rough estimation, 16:43.000 --> 16:47.000 that that could be to remove more than 1,500 packages from Fedora 16:48.000 --> 16:53.000 if all the main used go packages are vendor. 16:53.000 --> 16:55.000 So I think that can be a good thing, 16:55.000 --> 16:58.000 because it's such a complex to maintain them, 16:58.000 --> 17:02.000 and there is no correct dependency check between models. 17:02.000 --> 17:04.000 So someone can break the API, 17:04.000 --> 17:05.000 it will work for the application. 17:05.000 --> 17:07.000 We need to introduce compact packages, 17:07.000 --> 17:08.000 it's not easy to do anything though, 17:08.000 --> 17:11.000 because you need to be changing the path for so many things. 17:11.000 --> 17:14.000 So yeah, there is a tool that is called go vendor tools 17:14.000 --> 17:16.000 and there will be a discussion. 17:16.000 --> 17:19.000 But there is an ongoing discussion in the devil list right now, 17:19.000 --> 17:20.000 and there will be, 17:20.000 --> 17:24.000 I expect there will be a proposal for Fedora 43. 17:24.000 --> 17:26.000 In the case of Rast, 17:26.000 --> 17:28.000 as Daniel was saying, 17:28.000 --> 17:30.000 with this kind of tooling, 17:30.000 --> 17:31.000 it will be easier. 17:31.000 --> 17:33.000 I don't think that Rast is at the moment, 17:33.000 --> 17:35.000 in the situation where vendor in stuff, 17:35.000 --> 17:36.000 by default, 17:36.000 --> 17:37.000 it's a good thing, 17:37.000 --> 17:39.000 because the start to screw right now with Rast, 17:39.000 --> 17:42.000 and Rast see is much better than anything. 17:42.000 --> 17:43.000 Yeah, besides that, 17:43.000 --> 17:44.000 again, 17:44.000 --> 17:47.000 I'm telling you that vendor in comes with a lot of responsibility. 17:47.000 --> 17:48.000 I don't know if it's for about go, 17:48.000 --> 17:50.000 but I don't know if it's for about whether you would, 17:50.000 --> 17:51.000 how would you handle, 17:51.000 --> 17:52.000 like you know, 17:52.000 --> 17:54.000 upgrading the bundle dependencies, 17:54.000 --> 17:57.000 because you may get into huge security issues at some point. 17:57.000 --> 17:59.000 Thank you. 18:05.000 --> 18:09.000 I'm going to relay questions to you that are in the online chat, 18:09.000 --> 18:11.000 people who are in the feed. 18:11.000 --> 18:12.000 So one of the questions is, 18:12.000 --> 18:14.000 would it make more sense to automate, 18:14.000 --> 18:18.000 and make easier importing new SRPM dependency packages? 18:20.000 --> 18:21.000 It's repetitive, right? 18:21.000 --> 18:22.000 Sorry? 18:22.000 --> 18:23.000 I can't clarify this. 18:23.000 --> 18:24.000 I can't clarify this. 18:24.000 --> 18:25.000 I can't clarify this. 18:25.000 --> 18:27.000 I can't clarify this. 18:27.000 --> 18:29.000 I will play it for the chat. 18:29.000 --> 18:30.000 Yeah. 18:30.000 --> 18:34.000 So they say that they want to just import new dependencies 18:34.000 --> 18:35.000 with the SRPN, 18:35.000 --> 18:37.000 but the SRPN so forth, 18:37.000 --> 18:39.000 I mean, you need to have a total of the dependencies, 18:39.000 --> 18:41.000 so I don't really understand what they mean to do. 18:41.000 --> 18:43.000 Yeah, go ahead. 18:47.000 --> 18:49.000 If I understand the question correctly, 18:49.000 --> 18:53.000 it's mostly about the bottleneck for reviewing new packages. 18:53.000 --> 18:54.000 Oh, God, yeah. 18:54.000 --> 18:56.000 And, um, 18:56.000 --> 18:58.000 yes, that's sometimes a problem, 18:58.000 --> 19:00.000 but usually we have, I mean, 19:00.000 --> 19:04.000 five or six active Siegmembers in Rust. 19:04.000 --> 19:07.000 So usually the way times are not that bad, 19:07.000 --> 19:09.000 and if you need something reviewed quickly, 19:09.000 --> 19:12.000 then just ask us and we can handle that within a few days, 19:12.000 --> 19:13.000 so usually. 19:13.000 --> 19:15.000 And that's usually the bigger bottleneck, 19:15.000 --> 19:17.000 then actually making a package, 19:17.000 --> 19:20.000 because Rust2APM takes like two seconds to run. 19:20.000 --> 19:21.000 Yeah. 19:21.000 --> 19:22.000 When it works. 19:22.000 --> 19:23.000 Yeah. 19:23.000 --> 19:25.000 It usually does. 19:36.000 --> 19:37.000 It's not really a question, 19:37.000 --> 19:39.000 but I wanted to say thank you, 19:39.000 --> 19:42.000 because I am packaging for open-susers. 19:42.000 --> 19:43.000 And by default, 19:43.000 --> 19:45.000 we vendor all Rust libraries, 19:45.000 --> 19:46.000 because we don't have like, 19:46.000 --> 19:49.000 manpower to package all these dependencies. 19:49.000 --> 19:50.000 Um, 19:50.000 --> 19:52.000 and I think this will be very helpful. 19:52.000 --> 19:54.000 I try to integrate it, 19:54.000 --> 19:58.000 because I've also stumbled a lot of times across like, 19:58.000 --> 20:00.000 patching vendor Rust dependencies, 20:00.000 --> 20:01.000 and yeah. 20:01.000 --> 20:02.000 So thank you very much. 20:02.000 --> 20:03.000 Yeah, thank you very, 20:03.000 --> 20:04.000 happy to collaborate with you guys. 20:04.000 --> 20:05.000 You're very interested. 20:05.000 --> 20:06.000 Yeah. 20:07.000 --> 20:08.000 Okay, then. 20:08.000 --> 20:10.000 Any more questions? 20:15.000 --> 20:16.000 The question is, 20:16.000 --> 20:21.000 is there a reason why the word bundled was used instead of fendered? 20:21.000 --> 20:23.000 I probably because I'm also going to be better, 20:23.000 --> 20:26.000 and I'm working with an operator as a force, 20:26.000 --> 20:28.000 so he basically will cross my mind. 20:28.000 --> 20:30.000 So, come with me. 20:37.000 --> 20:40.000 Okay, then. 20:40.000 --> 20:43.000 Again, thanks a lot for staying here today, 20:43.000 --> 20:46.000 and I'll be back tomorrow to come here to my session. 20:46.000 --> 20:48.000 Um, again, 20:48.000 --> 20:49.000 thanks, Fabio, 20:49.000 --> 20:50.000 and the Rust group there for Dora, 20:50.000 --> 20:52.000 and they made a guide for hosting the band this week. 20:52.000 --> 20:53.000 It's been really helpful. 20:53.000 --> 20:54.000 So thank you all, 20:54.000 --> 20:56.000 and I enjoyed the remaining post them. 20:56.000 --> 20:58.000 Thank you.