Please commit your Cargo.lock file in the repository

[charles-dyfis-net]

Not having a Cargo.lock file makes tiktoken harder to use by projects being packaged for deployment with Nix (which runs builds in a sandbox that only has network access when the hash of the content being downloaded is known ahead-of-time), and exposes users to unexpectedly having different dependency resolutions than a release was tested with upstream.

[MostAwesomeDude]

I intend to fix this in poetry2nix, which means that I get to choose the versions of dependencies. If you want to control which crates are used in Nix or other reproducible environments, then (at minimum) you need to add the lockfile to your releases.

[VRehnberg]

I second this. Not having having a Cargo.lock makes it hard to use with EasyBuild

[VRehnberg]

These are the latest recommendations from the Rust community afaik:

• https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html
• https://doc.rust-lang.org/cargo/faq.html#why-have-cargolock-in-version-control
• https://doc.rust-lang.org/cargo/faq.html#why-do-binaries-have-cargolock-in-version-control-but-not-libraries