From: Ivan Petkov <ivanppetkov@gmail.com>
To: Efraim Flashner <efraim@flashner.co.il>
Cc: 36841@debbugs.gnu.org
Subject: [bug#36841] [PATCH v3] build/cargo-build-system: Patch cargo checksums.
Date: Wed, 31 Jul 2019 20:00:00 -0700 [thread overview]
Message-ID: <6580AB76-AB78-4758-B71F-FE08687B9A33@gmail.com> (raw)
In-Reply-To: <20190730104658.GC21431@E2140>
[-- Attachment #1: Type: text/plain, Size: 1221 bytes --]
Hi Efraim,
> On Jul 30, 2019, at 3:46 AM, Efraim Flashner <efraim@flashner.co.il> wrote:
>
> This one I'm pretty happy with. The checksums are only generated twice
> when there's a Cargo.lock file present and I've factored out the
> function to generate all the checksums. When that's moved to (guix build
> cargo-utils) it can be used by the rust compilers and icecat.
Overall the patch makes sense to me!
However, I am curious what are some of the situations in which you’re encountering
a Cargo.lock file? In a system like guix which maintains all dependencies immutably
and consistently, the Cargo.lock file is virtually useless (in fact it *could* be harmful
if an application is released with a Cargo.lock file pinning to a particular vulnerable
dependency which needs to be updated, requiring patching of the Cargo.lock file).
I’d be willing to go as far as suggest we unconditionally delete any Cargo.lock file
in source tarballs and let cargo generate its own replacement using the vendor
directory we have supplied. (Imports from crates.io <http://crates.io/> also never include a Cargo.lock
file, so this may only pertain if we’re performing a direct source import…)
—Ivan
[-- Attachment #2: Type: text/html, Size: 2016 bytes --]
next prev parent reply other threads:[~2019-08-01 3:01 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-29 19:04 [bug#36841] [PATCH] build/cargo-build-system: Patch cargo checksums Efraim Flashner
2019-07-30 1:44 ` Ivan Petkov
2019-07-30 5:59 ` bug#36841: " Efraim Flashner
2019-07-30 8:17 ` [bug#36841] " Efraim Flashner
2019-07-30 10:46 ` [bug#36841] [PATCH v3] " Efraim Flashner
2019-08-01 3:00 ` Ivan Petkov [this message]
2019-08-01 11:15 ` Efraim Flashner
2019-08-04 8:57 ` Efraim Flashner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6580AB76-AB78-4758-B71F-FE08687B9A33@gmail.com \
--to=ivanppetkov@gmail.com \
--cc=36841@debbugs.gnu.org \
--cc=efraim@flashner.co.il \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).