Closed K900 closed 2 years ago
I guess we're technically building "an end-product" and not a library, even if the end-product is a library (for another language). Given it makes sense as per the book on Cargo.toml vs Cargo.lock and it's useful to do, we probably should commit the file.
Yeah, "no Cargo.lock for libraries" thing is mostly there for the kind of libraries that you'd include in another project, i.e. something that does not produce artifacts by itself. In this case, there is an artifact, namely the Python extension, so I'd say a Cargo.lock makes sense.
Do you need a new version to be published to PyPi, or is this okay?
A new version would definitely be preferable, but I'm not really in a hurry, if you've got other changes you want to bundle with that.
Exactly what it says on the tin. Right now it's not really possible to build the repo reproducibly as the dependencies aren't locked, which is a pretty big no-no for distribution packaging.