Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

doc(cargo-package): explain no guarantee of vcs provenance #13984

Merged
merged 1 commit into from
May 30, 2024
Merged

doc(cargo-package): explain no guarantee of vcs provenance #13984

merged 1 commit into from
May 30, 2024

Conversation

weihanglo
Copy link
Member

What does this PR try to resolve?

Address the concern in #13960 (comment).

Two things are called out:

  • JSON compatibility is the same as the output of cargo-metdata, e.g. new fields can be added freely.
  • The presence of .cargo_vcs_info.json doesn't mean Cargo has verified the package provenance.

How should we test and review this PR?

cargo run -- help package?

Additional information

@rustbot
Copy link
Collaborator

rustbot commented May 30, 2024

r? @epage

rustbot has assigned @epage.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added A-cli-help Area: built-in command-line help A-documenting-cargo-itself Area: Cargo's documentation S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 30, 2024
@weihanglo weihanglo mentioned this pull request May 30, 2024
Merged
@epage
Copy link
Contributor

epage commented May 30, 2024

@bors r+

@bors
Copy link
Contributor

bors commented May 30, 2024

📌 Commit 22185e1 has been approved by epage

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels May 30, 2024
@bors
Copy link
Contributor

bors commented May 30, 2024

⌛ Testing commit 22185e1 with merge 94aa7fb...

@bors
Copy link
Contributor

bors commented May 30, 2024

☀️ Test successful - checks-actions
Approved by: epage
Pushing 94aa7fb to master...

1 similar comment
@bors
Copy link
Contributor

bors commented May 30, 2024

☀️ Test successful - checks-actions
Approved by: epage
Pushing 94aa7fb to master...

@bors bors merged commit 94aa7fb into rust-lang:master May 30, 2024
21 checks passed
@weihanglo weihanglo deleted the cargo-package branch May 30, 2024 15:43
@bors
Copy link
Contributor

bors commented May 30, 2024

👀 Test was successful, but fast-forwarding failed: 422 Changes must be made through a pull request.

@weihanglo weihanglo mentioned this pull request Jun 1, 2024
Merged
bors added a commit to rust-lang-ci/rust that referenced this pull request Jun 1, 2024
@bors
Auto merge of rust-lang#125835 - weihanglo:update-cargo, r=weihanglo
dcc9a8f 
Update cargo

9 commits in 431db31d0dbeda320caf8ef8535ea48eb3093407..7a6fad0984d28c8330974636972aa296b67c4513
2024-05-28 18:17:31 +0000 to 2024-05-31 22:26:03 +0000
- fix(config): Ensure `--config net.git-fetch-with-cli=true` is respected (rust-lang/cargo#13992)
- Fix libcurl proxy documentation link (rust-lang/cargo#13990)
- fix(new): Dont say were adding to a workspace when a regular package is in root (rust-lang/cargo#13987)
- fix: adjust custom err from cert-check due to libgit2 1.8 change (rust-lang/cargo#13970)
- fix(toml): Ensure targets are in a deterministic order (rust-lang/cargo#13989)
- doc(cargo-package): explain no guarantee of vcs provenance (rust-lang/cargo#13984)
- chore: fix some comments (rust-lang/cargo#13982)
- feat: stabilize `cargo update --precise <yanked>` (rust-lang/cargo#13974)
- Update openssl-src to 111.28.2+1.1.1w (rust-lang/cargo#13976)

r? ghost
@rustbot rustbot added this to the 1.80.0 milestone Jun 1, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@epage epage

Labels
A-cli-help Area: built-in command-line help A-documenting-cargo-itself Area: Cargo's documentation S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion.
Projects
None yet
Milestone
1.80.0
Development

Successfully merging this pull request may close these issues.
4 participants
@weihanglo @rustbot @epage @bors