Open
Description
As of the current 0.3.0 tag (the second iteration of this tag), the Cargo.lock file is not in sync with Cargo.toml. This means distro packages are unable to create reproducible packaging because the dependencies must be bumped dynamically at build time instead of being able to use the ones specified (via --locked or --frozen).
I'll submit a patch for this release (and have already repackaged the Arch Linux release using that patch), but please also make refreshing the lock file part of the release checklist/process.
Metadata
Assignees
Labels
No labels