Check in Cargo.lock #50
Comments
|
cc @mzji and @ishitatsuyuki in case I got anything wrong |
The argument listOkay, let's go top-down.
It's not just
Yes, that FAQ was written by some smart people and I will not undermine their authority, however:
Here's my view on this: you don't really want fully-deterministic builds (where deterministic is defined as "constant up to a certain level of abstraction across all implementers thereof", where that level of abstraction sits somewhere slightly above user-dependent paths but slightly below other paths and system configuration) – what you (I?) want is the "best" version of every dependency, without having it explicitly governed by some (possibly very outdated) "ground truth". Bonus points: the Rust ecosystem tends to employ SemVer and therefore, maybe not guarantees, but borderline so, that patch version variances will ensure compilation and correctness of the code to an increasing degree (because it's quite safe to assume that an increase in version is proportional to an increase in correctness and other positive factors). Synopsis: benefit of full determinism is naught, benefit of non-determinism is nonnegative.
Again, this is not primarily a binary (or that's how I (don't? (English is weird)) view it). Why? Stay tuned.
(Day-(which is to say: anal)-nab would devil's advocate they're sources to binaries and not binaries per se, but I'm tired so I won't.)
Two fundamental mistakes were committed in looking for said evidence:
(Also I don't think that that "dependent crates" counter is quite accurate, but v0v.) Therefore that evidence is based on incorrect assumptions (laid forth above) and therefore exhibits bias that makes it unusable.
Overgeneralisation (exemplified, e.g., by the fact, that around 13k downloads (calculating however many individual entities doing those downloads is left as an exercise to the reader) have used the library).
Well, that's great, innit? You get no lack-of-upsides of having lockfile either way.
Something's wrong with assumptions or interpretation here, again (and yes, it's "exclusively binary"). Additional commentaryAs we can conclude from section 1, a ground-truth lockfile has no benefits, while lack thereof can exhibit a non-negative benefit set. Here comes the slightly more philosophical part (don't worry, I do real philosophy): ever since a certain point (determining which crate was the first is left as an exercise to the reader), which really should have been day 1, but it took a while to transition from my previous C++-based mindset, my crates (and, after that point, other things) are just more-or-less lightweight "interfaces" (there's probably a better word for that but I'm tired, Polish, and bad at English) to the libraries. Nothing more, how I view this, than a usage example, or a "here's how I do it" (also a badly broadcast subliminal challenge to the reader – "What can you do with it? Can you break it?" (I also do believe that a great part of learning and testing any system is breaking it)). That is why, I do wholeheartedly believe, the "binary" parts of this, and other, crates are just a nice helpful sprinkle on top (like this example, for example, just more-helpfully first-classed). The human, software, and maintenance aspect(This part is written from the perspective of maintainer-(or day-)nab, who has a short temper and gets vulgar to get his point across better. Hide your children.) A lockfile is just more garbage automatically generated by the build system with no real added value (it's just a derivative of Cargo.toml). It has to be actively maintained and easy to just plain forget about (but slim, what if a patch update, renders this broken? Well same would happen to literally everyone else using the damn thing and I'm not the one to catch shit for it (Hellooooo, rust-lang/futures-rs#160! How ya doin'?)). Also, it's an intermediate build file, like, dunno, the AfterwordWas that clear and typo-free? I doubt it, since I've only been using English fluently for the last 5 years and am still relatively schite at it, so ask, correct, do your worst. Debating is fun! |
|
I second the request to add |
I see that this was discussed previously in #10 and #30 but as far as I can tell, it was never coherently explained why cargo-update needs to do this differently.
Synopsis of previous thread and some points of my own:
The Cargo FAQ is very explicit about when Cargo.lock is supposed to be checked in. It writes:
The reasons are explained in the link.
The rebuttal to this point in Add Cargo.lock to the repository (if there exist one) #10 (comment) was:
After being pointed out that the crate does contain binaries, the follow-up was:
While you may see it this way, I haven't found any evidence that any code anywhere uses cargo-update as a library. On crates.io there are zero crates that depend on cargo-update. On GitHub there are zero Cargo.toml manifests that depend on cargo-update. Everybody only uses the binaries.
In Add Cargo.lock to repository #30 (comment) it was pointed out that adding Cargo.lock does not affect how this crate is used as a library. Quoting again from the same Cargo FAQ:
Cargo will use the lockfile for building the binary, while crates that depend on the library will ignore the lockfile. This means we get all the benefits of shipping a Cargo.lock with an exclusively binary crate.
The text was updated successfully, but these errors were encountered: