-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Commit a Cargo.lock file. #43
Conversation
Why?! What purpose does this serve other than eventually resulting in regressions? |
Fair point. |
|
I don’t see how it being a binary crate warrants a lockfile. Are the version bounds not tight enough in the |
Binaries usually check in lockfiles. However, |
Ah, didn't know this. In that case, sure, we should remove it. |
One example scenario: If I download a version a binary built via cargo, I want to have the exact dependencies I used to compile that binary committed to version control so I can easily go back and reproduce the issue. If I don't commit the lockfile, when I go back, I'm installing potentially different dependencies which could make it harder to reproduce the issue. |
This point does not apply as much as you'd want it to. Libraries can depend
on unstable rustc details that aren't quite behind the façade (via symbols
for example) and your stuff may still break/not repro anymore; similar to
the non-bug I linked above.
…On Mar 1, 2017 12:28 AM, "Corey Farwell" ***@***.***> wrote:
I don’t see how it being a binary crate warrants a lockfile.
One example scenario: If I download a version a binary built via cargo, I
want to have the *exact* dependencies I used to compile that binary
committed to version control so I can easily go back and reproduce the
issue. If I don't commit the lockfile, when I go back, I'm installing
potentially different dependencies which could make it harder to reproduce
the issue.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#43 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AApc0kT89swvVZkHhq6fST0Oqqjat_RSks5rhJ99gaJpZM4MN9S7>
.
|
I'm talking about stable Rust. If I ship a new release of a binary that just includes a bump of an upstream dependency (which is very common), it's good to have the git history reflect that bump, otherwise, it would look like nothing changed. |
No description provided.