b49020 commented on code in PR #141: URL: https://github.com/apache/incubator-teaclave-trustzone-sdk/pull/141#discussion_r1670114857
########## examples/acipher-rs/host/Cargo.lock: ########## Review Comment: There is another perspective to look at it to rather allow verification of latest dependencies in our CI and not checking in `Cargo.lock` files is a potential solution: https://doc.rust-lang.org/cargo/guide/continuous-integration.html#verifying-latest-dependencies. Another thing I see negative for `Cargo.lock` files is how often do we update them and if we are really leveraging the determinism offered. For an upstream project like this we would rather like to track breakages with any version of upstream Rust packages such that we can update `Cargo.toml` to not depend on versions that are broken. So IMHO given we already have two configurations to support and the reasons above, we should be better off to drop `Cargo.lock`. However, I think these `Cargo.lock` makes more sense for downstream projects where tight version control is preferred more. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@teaclave.apache.org For additional commands, e-mail: dev-h...@teaclave.apache.org
