#22905: Cargo.lock and Cargo.toml specify incompatible dependencies for libc -----------------------------+-------------------------- Reporter: isis | Owner: Type: defect | Status: new Priority: Medium | Milestone: Component: Core Tor/Tor | Version: Severity: Normal | Resolution: Keywords: rust, tor-build | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: SponsorZ -----------------------------+--------------------------
Comment (by alexcrichton): Hello! I figure I may be able to help clarify a bit here, although let me know if anything doens't make sense. > We committed src/rust/Cargo.lock which is a bit strange since it's normally not recommended, and especially not for library crates like ours Perhaps! It sort of depends on the goal here. It's true that most pure libraries tend to not commit Cargo.lock, but that's actually because cargo will ignore the Cargo.lock in dependencies, it'll only use the "application's" Cargo.lock. That's why projects like Servo and rustc itself will commit Cargo.lock. The repositories contain Cargo.lock but they also contain a bunch of libraries. In that sense it sort of depends on what the repository layout looks like here. If this is a library right next to an application you'd probably want to commit Cargo.lock, but if it's just a repo with a library then yeah I'd recommend changing `"*"` to `"0.2.24"` like you've got listed. There's some other documentation online (http://doc.crates.io/faq.html #why-do-binaries-have-cargolock-in-version-control-but-not-libraries) as well, but the cargo docs aren't always the most helpful :( In any case though I'd probably recommend avoiding `"*"` dependencies. If you use more targeted dependencies (like `"0.2.24"` which stands for "semver compatible with 0.2.24" which is actually `>=0.2.24, < 0.3`) then you can typically use `cargo update` to safely update dependencies without worrying about actually breaking your code. This'll help to easily pick up bug fixes and such in libraries without accidentally introducing breakage sometimes. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22905#comment:2> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs