So our standard practice requires what I would call a "tight configuration management regime:

For example - We have a "VM farm" - with all tools pre installed (rather beefy VMs)
We do not have or use DOCKER - because we control our VM and automate their creation.

we have a HUGE high performance NFS server for shared things ( a huge NAS )
We put common tools in a common place
For example we have /nfs/tools/Xilinx and under that we have multiple versions
Same with /nfs/tools/microsemi {now microchip}
and /nfs/tools/Aldec
and .. the list goes on.

For security reasons - policy is: users shall not and are actively prevented from installing any tool or package period.

We also require a rather locked down "configuration management system" - ie: Tools and packages are requested, approved, reviewed, and installed

We also very much so want to respect copyrights (while we are contractually obligated by our customers, we also think it is the right/moral thing to do too) so -nobody can just download any package without a request, review, approval, etc before we begin.

BUT rust says: Just download it and enjoy.. This is so antithetical to any and all things I would think RUST is about - ie: Type safety, and security - and for example anything about respecting copyrights of others code.

its like everything about rust is nothing but 100% wild-wild-west, and cowboy methods. The exact things they teach you not to do in any large development group.

How exactly is one suppose to setup a properly configured, "configuration managed rust development environment" - if everyone must personally install RUST and personally install each and every component.

And that includes all of our CI/CD worker machines - really, why can't we have the tools pre-installed?

This is just so wild west and cowboy that I makes my skin crawl.

5 posts - 4 participants

Read full topic