Open ehuss opened 3 months ago
This is a subset of #13722.
I'm assuming the root cause is #10548 which mirrored existing license logic over for readme's.
has there been any work done on this yet? would it be viable to revert https://github.com/rust-lang/cargo/pull/10548 if that is indeed the root cause of this bug?
@Turbo87 this has been in since 1.62 and was just reported just over a month ago. What is bad enough about this that a partial revert of #10548 should be considered?
What is bad enough about this that a partial revert of #10548 should be considered?
we would like to turn the server-side validation for duplicate files back on to prevent potential security issues. that is admittedly unlikely to be relevant for the readme, but might be an issue for code modules depending on the system. e.g. it would be bad if for example docs.rs showed different sources than what is actually getting compiled in because of casing conflicts.
@Turbo87 so your concern is more about #13722 than this issue?
to some degree yes, though this one here is apparently what is commonly happening in production from what I've seen so far
If a package has a Readme.md file (and no readme field in Cargo.toml), it will end up with two readme files in the package.
This bug also happens if there is readme = "README.md" in cargo.toml.
I cannot reproduce this on linux but I can reproduce this on darwin.
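A check for the casing-conflict condition discussed in this thread, written as an added example (it is not code from cargo, crates.io, or any participant here): it takes a listing with one path per line, the form `cargo package --list` prints, and reports paths that become identical when letter case is ignored. The function name, the sample listing, and the use of Unicode lowercasing as the folding rule are assumptions.

```rust
use std::collections::BTreeMap;

/// Groups listed paths that are equal once letter case is ignored
/// (exact repeats of the same path count as duplicates too).
/// Returns one sorted group per conflict, ordered by folded path.
fn case_collisions(listing: &str) -> Vec<Vec<String>> {
    let mut by_folded: BTreeMap<String, Vec<String>> = BTreeMap::new();
    for line in listing.lines() {
        let path = line.trim();
        if path.is_empty() {
            continue;
        }
        // Normalize separators so `src\Foo.rs` and `src/foo.rs` are compared
        // as the same location regardless of the platform that listed them.
        let normalized = path.replace('\\', "/");
        // Assumption: Unicode lowercasing stands in for the case folding a
        // case-insensitive filesystem applies; real filesystems differ in detail.
        let key = normalized.to_lowercase();
        by_folded.entry(key).or_default().push(normalized);
    }
    by_folded
        .into_values()
        .filter(|group| group.len() > 1)
        .map(|mut group| {
            group.sort();
            group
        })
        .collect()
}

// Constructed sample listing for a package affected by the duplicate readme;
// it is not captured output from cargo.
const SAMPLE_LISTING: &str =
    "Cargo.toml\nCargo.toml.orig\nREADME.md\nReadme.md\nsrc/main.rs\n";

fn main() {
    let collisions = case_collisions(SAMPLE_LISTING);
    for group in &collisions {
        eprintln!("case-insensitive duplicate: {}", group.join(", "));
    }
    // A non-zero exit lets a CI step fail before the package is published.
    if !collisions.is_empty() {
        std::process::exit(1);
    }
}
```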
Problem
If a package has a Readme.md file (and no readme field in Cargo.toml), it will end up with two readme files in the package.
This regressed in https://github.com/rust-lang/rust/pull/96031 (rust 1.62.0). I'm not sure which of those is responsible.
Steps
cargo new foo
cd foo
touch Readme.md
cargo package --list --allow-dirty
Possible Solution(s)
No response
Notes
No response
Version