While looking through the changes of a recent update of the brotli crate I noticed that the source code uploaded to crates.io contains the binary test data: https://diff.rs/brotli/6.0.0/7.0.0/testdata
Given the recent xz incident that might not be desirable as it makes it harder to review what's going on inside the binary data. Additionally these data add unneeded bloat to the source code.
While looking through the changes of a recent update of the brotli crate I noticed that the source code uploaded to crates.io contains the binary test data: https://diff.rs/brotli/6.0.0/7.0.0/testdata
Given the recent xz incident that might not be desirable as it makes it harder to review what's going on inside the binary data. Additionally these data add unneeded bloat to the source code.