@weiznich
Contributor

During a dependency review we noticed that the arbitrary crate includes various development scripts. These development scripts shouldn't be there as they might, at some point, become problematic. As of now they prevent any downstream user from enabling the `[bans.build.interpreted]` option of cargo deny.

I opted for using an explicit include list instead of an exclude list to prevent these files from being included in the published packages to make sure that everything that's included is a conscious choice.

@Manishearth
Member

This package has a build script, and I'm very wary of excluding things by default since I don't actually know what is required for the build on different platforms.

Please at least list the files that are triggering the lint in the PR body. This might be a case where exclude is better than include.

(honestly, I'm not clear on the utility of that cargo deny key in the first place. Seems like a bad approximation of what one might want it to be)

@weiznich
Contributor Author

@Manishearth I'm not sure if we are talking about the same package here. arbitrary doesn't seem to have a build.rs file. libfuzzer has such a file, maybe that comment was meant to be put there?

@Manishearth
Member

@weiznich sorry, comment was meant for rust-fuzz/libfuzzer#137

@weiznich
Contributor Author

(Adjusted the PR to include tests + examples as you requested)

@Manishearth Manishearth merged commit dbcdce4 into rust-fuzz:main Dec 16, 2025
5 of 6 checks passed
@Manishearth
Member

MSRV job needs a crate pin, can be ignored.
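
Added example (not code from this PR or from the arbitrary crate): a simplified Python model of the include-versus-exclude trade-off discussed in the thread, showing what happens when a script is added to the repository later and the manifest is not updated. All file names and patterns are constructed, and `fnmatch` only approximates Cargo's gitignore-style pattern matching.

```python
from fnmatch import fnmatch

# Constructed repository listing (hypothetical names, not the crate's real tree).
REPO_FILES = [
    "Cargo.toml", "README.md", "LICENSE-MIT",
    "src/lib.rs", "src/error.rs",
    "tests/derive.rs", "examples/basic.rs",
    "publish.sh", "ci/check.py",
]

# Suffixes treated as interpreted scripts here (an assumption for this model).
SCRIPT_SUFFIXES = (".sh", ".py", ".rb", ".pl", ".ps1")

# Hypothetical manifest settings: a deny-list and an allow-list for packaging.
EXCLUDE = ["publish.sh", "ci/*"]
INCLUDE = ["Cargo.toml", "README.md", "LICENSE-*", "src/*", "tests/*", "examples/*"]


def packaged(files, include=None, exclude=None):
    """Simplified model of package file selection.

    With `include`, only matching files ship; otherwise everything ships
    except files matching `exclude`.
    """
    if include is not None:
        return [f for f in files if any(fnmatch(f, p) for p in include)]
    return [f for f in files if not any(fnmatch(f, p) for p in (exclude or []))]


def shipped_scripts(files):
    """Files in the package that look like interpreted scripts, by suffix."""
    return [f for f in files if f.endswith(SCRIPT_SUFFIXES)]


def drift(new_file):
    """Add one file without touching the manifest; report scripts that ship."""
    files = REPO_FILES + [new_file]
    return {
        "exclude": shipped_scripts(packaged(files, exclude=EXCLUDE)),
        "include": shipped_scripts(packaged(files, include=INCLUDE)),
    }


if __name__ == "__main__":
    # A new helper script lands in the repo; only the exclude list leaks it.
    print(drift("scripts/bench.sh"))
```
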
