alamb commented on PR #14069:
URL: https://github.com/apache/datafusion/pull/14069#issuecomment-2582555840

   > > I think the reason we don't have a Cargo.lock is that datafusion is 
meant to be used as a libary and thus we wanted to give downstream crates the 
flexibility for most dependent library versions
   > 
   > The `Cargo.lock` file of library crates is always ignored by dependent 
crates:
   > 
   > > However, this determinism can give a false sense of security because 
Cargo.lock does not affect the consumers of your package, only Cargo.toml does 
that. For example:
   > > 
   > > * [cargo 
install](https://doc.rust-lang.org/cargo/commands/cargo-install.html) will 
select the latest dependencies unless 
[--locked](https://doc.rust-lang.org/cargo/commands/cargo.html#option-cargo---locked)
 is passed in.
   > > * New dependencies, like those added with [cargo 
add](https://doc.rust-lang.org/cargo/commands/cargo-add.html), will be locked 
to the latest version
   
   I tried to document the rationale as I understand it here: 
https://github.com/apache/datafusion/pull/14071. Perhaps we can discuss 
potential changes there as well
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: github-unsubscr...@datafusion.apache.org
For additional commands, e-mail: github-h...@datafusion.apache.org

Reply via email to