Stabilize public/private dependencies
| Metadata | |
|---|---|
| Point of contact | Ed Page |
| Status | Proposed for mentorship |
| Flagship | Secure your supply chain |
| Tracking issue | rust-lang/rust-project-goals#272 |
| Zulip channel | N/A (an existing stream can be re-used or new streams can be created on request) |
| Stabilization | true |
| Teams | cargo, compiler |
| Task owners | (none) |
Summary
Find a MVP for stabilization and move it forward.
Motivation
This will allow users to tell Rustc and Cargo what dependencies are private
- Help users catch ways they unexpectedly expose their implementation details
- Help tooling better identify what all constitutes an API
- Speed up
cargo docby only building dependencies you can access - Help users keep versions between dependencies in sync
The status quo
RFC #1977(https://github.com/rust-lang/rfcs/pull/1977) has been superseded by RFC #3516(https://github.com/rust-lang/rfcs/pull/3516) to reduce complexity on the Cargo side to help get this over the line. However, there is still a lot of complexity on the compiler side to get this right ( rust#3516, rust#119428, ), keeping this feature in limbo
The next 6 months
Work with compiler to identify a minimal subset of functionality for what the lint can do and close out the remaining stabilization tasks.