-
Notifications
You must be signed in to change notification settings - Fork 10
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Dependency management #5
Comments
Yeah, it's less about not trusting That being said, if you are opposed to that or find it to be a hinderance for whatever reason, we can discuss moving to a more standard model. |
Okay, I see. I’m not strongly opposed to the current model, but I do see some downsides. This model tends to use outdated software. For example, currently An easier solution (at least for offline compilation) might be to automatically generate this bundle for every release and provide it as a tarball. But I’ll also have another look at the other options Rust provides (especially vendoring). |
They are outdated because I did not update them :)
I am using
Yeah, but that would mainly work on a per-release basis. My objective was to have a more general solution that works for every commit. I believe |
The
I’ll have a look at it! I think I’m just a bit reluctant to use a non-standard solution without a clear use case (or maybe I’m missing something). |
Sure! I was just stating what I was doing, not saying you have to use it :) |
All questions have been answered. :-) |
Before I comment on the issue, I’d like to know your goals for dependency management. My guess is that you are including the dependencies in the nitrocli repository to ensure that cargo does not download unsigned and unverified code from third parties. Is that correct?
The text was updated successfully, but these errors were encountered: