lib crates have been checking in their Cargo.lock for a while now. https://githu... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		the8472 3 months ago \| parent \| context \| favorite \| on: Shai-Hulud malware attack: Tinycolor and over 40 N... lib crates have been checking in their Cargo.lock for a while now. https://github.com/rust-lang/cargo/pull/12382

Liskni_si 3 months ago [–]

That Cargo.lock will only be used for the library's own CI though (and also for development if you git clone it). It will not be used by downstream dependencies at all.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact