We might not want to commit Cargo.lock files
In legacy/trac#22905 (moved), I discussed a problem that is partially the result of committing src/rust/Cargo.lock
.
[Including
Cargo.lock
files] is possibly a good idea, because we're specifying the hash we expect. It might be a bad idea, because it specifies the registry for packages, which I'm pretty sure will mean "offline" builds would never work. In addition, it also conflicts with the dependency specification insrc/rust/tor_util/Cargo.toml
[…]
That is, I'm pretty sure that no matter what we do on legacy/trac#22830 (moved), "offline" builds are going to be broken because of including this lockfile. We should figure out what the benefits of having it are, and if we can live without them.