Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Commit Cargo.lock + cargo update #1415

Merged
merged 2 commits into from
Jul 30, 2024
Merged

Commit Cargo.lock + cargo update #1415

merged 2 commits into from
Jul 30, 2024

Conversation

phklive
Copy link
Contributor

@phklive phklive commented Jul 26, 2024

In this PR I propose to run cargo update on the repo and commit cargo.lock file.

Closes: #1259

@phklive phklive added the no changelog This PR does not require an entry in the `CHANGELOG.md` file label Jul 26, 2024
@phklive phklive requested a review from bobbinth July 26, 2024 11:11
@phklive phklive mentioned this pull request Jul 26, 2024
Closed
@plafer
Copy link
Contributor

plafer commented Jul 26, 2024

I'm late to the conversation, but basically the Rust team has recommended for a long time not to commit the Cargo.lock file for libraries, although has acknowledged last year that some libraries might want to commit it anyway.

I understand the pro's: reproducible builds. But I am not clear yet on how that would interact with downstream users, and if this could cause version conflicts (as explained in the original recommendation).

Are we clear on whether or not this will be an issue, and/or how to mitigate it?

cc @bitwalker which I think was in favor of this change

@bobbinth
Copy link
Contributor

I understand the pro's: reproducible builds. But I am not clear yet on how that would interact with downstream users, and if this could cause version conflicts (as explained in the original recommendation).

My understanding is that it shouldn't affect downstream users (or at least the ones that install these crates from crates.io). As far as I know, Cargo.lock is not a part of a crate (i.e., it does not get published to crates.io) and so, downstream users may not even know that it exists.

Also, if I'm reading it correctly, the current recommendation is leaning towards committing Cargo.lock into source control.

@bobbinth bobbinth merged commit 70a6dc0 into next Jul 30, 2024
9 checks passed
@bobbinth bobbinth deleted the phklive-reproducible-builds branch July 30, 2024 16:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@plafer plafer plafer approved these changes

@bobbinth bobbinth Awaiting requested review from bobbinth

Assignees
No one assigned
Labels
no changelog This PR does not require an entry in the `CHANGELOG.md` file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@phklive @plafer @bobbinth