Rust’s Cargo team used to recommend committing Cargo.lock for files with binaries but not libraries, but now says do what is best for your project. Credit: cortixxx Rather than encouraging Rust developers to commit their Cargo.lock file for packages with binaries but not libraries, Rust’s Cargo team now recommends developers do whatever is best for their project. The change in guidance, from the team behind the Rust package manager, is being made in light of the Rust language becoming more mainstream. A Cargo.lock lockfile is intended to describe state at the time of a successful build. In recommending people do what is best for the project, the team still suggests committing Cargo.lock as the starting point of their decision making. The cargo new command will no longer ignore Cargo.lock for libraries. The Cargo team encourages regular testing against latest dependencies. In a bulletin published August 29, the Cargo team said that the old guidelines ensured libraries tested their latest dependencies, helping to maintain high quality within Rust’s package ecosystem by ensuring issues, particularly backward compatibility, were quickly resolved. The team believed it helped promote a “culture of quality” in the nascent ecosystem. But there have been downsides, such as removing history from the code bases, making bisecting to find the root cause of a bug more difficult for maintainers. And confusion could result for contributors, from an unreliable CI (continuous integration) when a dependency is removed or a new release has a bug. Since this guideline was written, Rust has moved from being a language for early adopters to being more mainstream; the on-boarding experience of new Rust developers must be kept in mind. Wider adoption also means it is not always practical to assume everyone is using the latest Rust release. Further, the wider ecosystem has seen CI become easier to set up and maintain. Products such as Dependabot and Renovate have opened up options besides having version control ignore Cargo.lock to test new dependencies. The Cargo team now believes it is best to leave the choice to developers while giving them the information needed to make a decision. Developers can offer feedback on this policy on GitHub, or they can reach out to the Cargo team on Zulip. Related content feature 14 great preprocessors for developers who love to code Sometimes it seems like the rules of programming are designed to make coding a chore. Here are 14 ways preprocessors can help make software development fun again. By Peter Wayner Nov 18, 2024 10 mins Development Tools Software Development feature Designing the APIs that accidentally power businesses Well-designed APIs, even those often-neglected internal APIs, make developers more productive and businesses more agile. By Jean Yang Nov 18, 2024 6 mins APIs Software Development news Spin 3.0 supports polyglot development using Wasm components Fermyon’s open source framework for building server-side WebAssembly apps allows developers to compose apps from components created with different languages. By Paul Krill Nov 18, 2024 2 mins Microservices Serverless Computing Development Libraries and Frameworks news Go language evolving for future hardware, AI workloads The Go team is working to adapt Go to large multicore systems, the latest hardware instructions, and the needs of developers of large-scale AI systems. By Paul Krill Nov 15, 2024 3 mins Google Go Generative AI Programming Languages Resources Videos