LSchueler
commented
3 years ago I thought about this for a bit and I agree, it's probably a good idea to track the Cargo.lock file too.
Closed adamreichold closed 3 years ago
LSchueler
commented
3 years ago I thought about this for a bit and I agree, it's probably a good idea to track the Cargo.lock file too.
While the default for library projects is to exclude Cargo.lock from version control as the final application crate should decide which dependencies versions to fix, this does not really apply to a crate that is shipped as a Python wheel. Since this implies shipping binaries, all dependencies should be locked for proper reproducibility of the resulting builds.