You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -18,18 +18,14 @@ So things were slower in July. What dominated was the Project Goals work.
18
18
19
19
As we entered the second half of the year, it was time to wrap up the current Project Goals and get the new ones going. In the spirit of helping people focus on other things, I took this over.
20
20
21
-
First, I've sent a couple requests for goal updates. This lead me to noticing and filing an issue with the triagebot. More details in the [`ping-goals` retry section](#ping-goals-retry-issue).
21
+
First, I've sent a couple requests for goal updates. This lead me to noticing and filing an issue with triagebot. More details in the [`ping-goals` retry section](#ping-goals-retry-issue).
22
22
23
23
After people provided their final messages, I've published the final 2025H1 Project Goals update:
With that done, I've closed most of the tracking issues. Some goals are being renewed for the H2 period so we're keeping those open.
30
28
31
-
(**TODO**: again, make sure we've actually closed the issues before publishing this post.)
32
-
33
29
## Starting 2025 H2 goals
34
30
35
31
With all of that out of the way, Niko published the [call for 2025 H2 goal proposals][2025H2CFP].
@@ -38,24 +34,23 @@ With all of that out of the way, Niko published the [call for 2025 H2 goal propo
38
34
39
35
Based on the feedback we've received, we've made some changes in this period:
40
36
41
-
* We're getting the proposals in front of the Teams and their leads earlier (well before the final RFC is written) so they are aware and have input into what's being proposed.
37
+
* We're getting the proposals in front of the teams and their leads earlier (well before the final RFC is written) so they are aware and have input into what's being proposed.
42
38
* We're asking them to suggest what they'd like to see as a flagship goal before the final selection is made.
43
-
* For each proposed goal, we've requsted each team with asks mentioned in the goal to select a "champion" who commits to making sure the goal is not blocked by that team.
39
+
* For each proposed goal, we've requested each team with asks mentioned in the goal to select a "champion" who commits to making sure the goal is not blocked by that team.
44
40
45
41
Once all the champions are selected, we'll meet with the team leads, go over the goals and figure out which ones we want to accept.
46
42
47
43
Similarly, we'll take their input regarding flagship goals.
48
44
45
+
As the goals were being proposed, Niko, Rémy, and I looked at the PRs, fixed any CI issues and merged them.
49
46
50
-
As the goals were being proposed, Niko, Rémy and I looked at the PRs, fixed any CI issues and merged them.
47
+
For each team, I've opened a "call for champions" Zulip thread listing the goals that requested their support. [Here's an example for the Lang team](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/2025H2.20Goal.20Review).
51
48
52
-
For each team, I've opened a call for champions Zulip thread listing goals that requested their support. [Here's an example for the Lang team](https://rust-lang.zulipchat.com/#narrow/channel/213817-t-lang/topic/2025H2.20Goal.20Review).
53
-
54
-
As with any new process, people had questions. I was there to help clarify what we're asking for, the overall plan and next steps. When there were specific questions for a goal, I made sure to connect the right people.
49
+
As with any new process, people had questions. I was there to help clarify what we're asking for, the overall plan, and next steps. When there were specific questions for a goal, I made sure to connect the right people.
55
50
56
51
## Secure quorum-based cryptographic verification and mirroring for crates.io
57
52
58
-
In 2021, the Rust Foundation created the [Security Initiative][sec-initiative]. Their focus is on improving the security of the Rust ecosystem by building security tools, conducting audits and threat models and developing security expertise.
53
+
In 2021, the Rust Foundation created the [Security Initiative][sec-initiative]. Their focus is on improving the security of the Rust ecosystem by building security tools, conducting audits, creating threat models, and developing security expertise.
There's a good analog to this with Linux packaging (e.g. apt or dnf): when you install a package (or upgrade your system), your computer will rarely talk directly to the main package registry.
69
-
70
-
It's far more likely that it will reach a mirror hosted by a university, scientific institution, your ISP or in the case of CI, its provider. This lets people install their packages more quickly while saving on the upstream bandwidth and other costs.
63
+
There's a good analog to this with Linux packaging (e.g. apt or dnf): when you install a package (or upgrade your system), your computer will rarely talk directly to the main package registry. It's far more likely that it will reach a mirror hosted by a university, scientific institution, your ISP, or, in the case of CI, its provider. This lets people install their packages more quickly while saving on the upstream bandwidth and other costs.
71
64
72
-
You can do all this today, with a crucial difference: how do you know that the host (or someone in-between) didn't tamper with the code? How do you know you're getting the exact same bits as if you were to reach crates.io directly?
65
+
You can do all this today with a crucial difference: how do you know that the host (or someone in-between) didn't tamper with the code? How do you know you're getting the exact same bits as if you were to reach crates.io directly?
73
66
74
-
That's broadly what the goal is about and it involved investigations of the signing algorithms, key rotations, CI integration, releases, logging and much more. And all of this must meet the scale and performance requirements of crates.io.
67
+
That's broadly what the goal is about, and it involved investigations of the signing algorithms, key rotations, CI integration, releases, logging, and much more. And all of this must meet the scale and performance requirements of crates.io.
75
68
76
-
Walter Pearce and Josh Triplett did most of the work (investigation, experimentation, looking into what other package managers are doing) and talked to Cargo, Infra, Release, Bootstrap and crates.io representatives.
69
+
Walter Pearce and Josh Triplett did most of the work (investigation, experimentation, looking into what other package managers are doing) and talked to Cargo, Infra, Release, Bootstrap, and crates.io representatives.
77
70
78
71
Last week, [Walter posted a final update on the goal's tracking issue](https://github.com/rust-lang/rust-project-goals/issues/271#issuecomment-3133590786).
79
72
80
73
The goal owners along with the team representatives agreed on the following to build an experimental MVP implementation:
81
74
82
75
* Use TAP-16 Merkle Tree implementation of [TUF (The Update Framework)][tuf] for crates.io.
83
-
* Maintain a top-level quorum but removing immediate levels for simplicity.
84
-
* Reached a consensus with the Infrastructure team for deployment planning.
85
-
* Role keys will live in KMS (Key Management Service).
76
+
* Maintain a top-level quorum but remove intermediate levels for simplicity.
77
+
* Role keys will live in AWS KMS (Key Management Service).
86
78
87
-
They plan for the MVP to be ready by the end of August and they'll use it to test various optimizations to make sure it works for our tooling (rustup, releases, crates.io, update, signing etc.).
79
+
They also reached a consensus with the Infrastructure team for deployment planning. The plan is for the MVP to be ready by the end of August, and they'll use it to test various optimizations to make sure it works for our tooling (rustup, releases, crates.io, etc.).
88
80
89
-
This will answer some of the open questions (which specific optimizations will fit our needs, how to implement the Merkle tree to reduce round-trips and details on hosting infrastructure) and provide enough information to write the RFC and make this fully supported and available.
81
+
This will answer some of the open questions (which specific optimizations will fit our needs, how to implement the Merkle tree to reduce roundtrips, and details on hosting infrastructure) and provide enough information to write the RFC and make this fully supported and available.
90
82
91
-
These discussions and decisions happened in meetings and there was little public communication to the rest of the Project. One of my goals is to start publishing more frequent and detailed updates on this and similar initiatives.
83
+
These discussions and decisions happened in meetings, and there was little public communication to the rest of the Project. One of my goals is to start publishing more frequent and detailed updates on this and similar initiatives.
92
84
93
85
I've joined the signing meetings to be more aware of what's happening within this initiative.
94
86
95
87
[tuf]: https://theupdateframework.io/
96
88
97
89
## Rust for Linux
98
90
99
-
[Rust for Linux][rfl] is an ongoing effort (started in 2020) to add support for Rust to the Linux kernel. The project allows to write kernel code, such as drivers and other modules, in a memory safe language, with hopefully fewer bugs and nicer tooling. In addition, [one of its goals](https://lore.kernel.org/lkml/20210414184604.23473-1-ojeda@kernel.org/)it to allow more people get involved overall in developing the kernel thanks to the usage of a modern language.
91
+
[Rust for Linux][rfl] is an ongoing effort (started in 2020) to add support for Rust to the Linux kernel. The project allows people to write kernel code, such as drivers and other modules, in a memory safe language, with hopefully fewer bugs and nicer tooling. In addition, [one of its goals](https://lore.kernel.org/lkml/20210414184604.23473-1-ojeda@kernel.org/)is to allow more people get involved overall in developing the kernel thanks to the use of a modern language.
100
92
101
93
[rfl]: https://rust-for-linux.com/
102
94
103
95
The project currently has to rely on unstable Rust. This makes it less appealing for companies and individuals as unstable features can by definition change or even be removed. We want there to be minimal (ideally zero) churn on Rust code that's been accepted to the kernel.
104
96
105
-
There's been an ongoing collaboration with the Rust Project to get the language, compiler and tooling to a point where it can be completely compiled on stable Rust.
97
+
There's been an ongoing collaboration with the Rust Project to get the language, compiler, and tooling to a point where it can be completely compiled on stable Rust.
106
98
107
-
Rust for Linux was a Flagship goal the [second half of 2024][rfl2024h2] as well as the [first half of 2025][rfl2025h1].
99
+
Rust for Linux was a flagship goal the [second half of 2024][rfl2024h2] as well as the [first half of 2025][rfl2025h1].
This effort requires close collaboration with the Lang and Compiler teams, among others, and contact points on both sides to bridge the gap between the two projects. Until now, that was done by Niko Matsakis et al. on the Rust side and Miguel Ojeda et al. on the Rust for Linux side.
105
+
This effort requires close collaboration with the Lang and Compiler teams, among others, and contact points on both sides to bridge the gap between the two projects. Until now, that was done by Niko Matsakis, TC, et al. on the Rust side and Miguel Ojeda et al. on the Rust for Linux side.
115
106
116
-
One of the hopes of the PM role was to be able to step in and bring the communication between efforts like these closer and free up the Project members' time.
107
+
One of the hopes of the PM role was to be able to step in and improve the communication between efforts like these and free up the Project members' time.
117
108
118
-
I am now running the meetings, preparing the agenda, and making sure the tracking issues are up-to-date and bringing any requests or concerns to the relevant Project teams or people.
109
+
I am now running the meetings, preparing the agenda, making sure the tracking issues are up-to-date, and bringing any requests or concerns to the relevant Project teams or people.
119
110
120
111
Miguel Ojeda will continue to be the point of contact on the Linux side.
121
112
@@ -126,14 +117,11 @@ I helped Miguel propose two 2025 H2 goals ([compiler][rfl-compiler] and [languag
126
117
127
118
This lets Niko disengage from the program completely and focus on the many other things he's doing across the Project.
128
119
129
-
130
120
## Misc
131
121
132
122
### `ping-goals` retry issue
133
123
134
-
The request for updates is done by the `ping-goals` command of the @triagebot. This returned an error ("Failed to await at this time: connection closed before message completed"), but did actually ping everyone.
135
-
136
-
[Multiple times][goals-spam], in fact.
124
+
The request for updates is done by the `ping-goals` command of `@triagebot`. This returned an error ("Failed to await at this time: connection closed before message completed"), but did actually ping everyone. [Multiple times][goals-spam], in fact.
@@ -159,11 +147,11 @@ The [Leadership Council][council] is a team charged with the success of the Proj
159
147
160
148
The Council meets every two weeks and after each meeting they publish minutes to [the leadership-council repository][leadership-council-minutes].
161
149
162
-
This makes them accountable to the teams they represent and transparent to the Project and the community as a whole. It also helps show if they're missing anything important to the teams who can then bring it to the Council's attention.
150
+
This makes them accountable to the teams they represent and transparent to the Project and the community as a whole. It also helps others find if they're missing something important so it can be brought to their attention.
163
151
164
-
As with every other meeting, when an active participant has to take minutes, this results in diminishing their attention to the topic as well as the quality of their notes (most people can't speak or fully consider what other people said and write at the same time).
152
+
As with every other meeting, when an active participant has to take minutes, this results in diminishing that person's attention to the topic as well as the quality of the notes (most people can't speak or fully consider what other people said and write at the same time).
165
153
166
-
And similarly, going through the minutes, making them legible and publishing them takes additional effort and attention. When these things pile up, they can even lead to burning out.
154
+
And similarly, going through the minutes, making them legible and publishing them takes additional effort and attention. When these things pile up, they can even lead to burning out valuable contributors.
167
155
168
156
Having taken over the minutes for the Leadership Council meetings in June, I've now closed the loop by taking over the clean-up and publishing as well.
0 commit comments