Right now make.py does not use the argument cargo flag --locked. Perhaps it would be a good idea to use the versions provided in the lock file. This way, we know that people are actually compiling the same thing as we are. The downside of this would be that we would have to update the lockfile more frequently for people to use recent versions. I think it could help to use dependabot for it.
We can set it up that it would group together all backwards compatible updates so we only have to test the collection of updates during a entire month.
Major versions would require more attention and could be split into separate PRs by dependabot.
@lut99 what do you think?
Should we compile with locked?
Should we use dependabot to update lockfile versions?
Right now
make.pydoes not use the argument cargo flag--locked. Perhaps it would be a good idea to use the versions provided in the lock file. This way, we know that people are actually compiling the same thing as we are. The downside of this would be that we would have to update the lockfile more frequently for people to use recent versions. I think it could help to use dependabot for it.We can set it up that it would group together all backwards compatible updates so we only have to test the collection of updates during a entire month.
Major versions would require more attention and could be split into separate PRs by dependabot.
@lut99 what do you think?
Should we compile with locked? Should we use dependabot to update lockfile versions?