tiktoken icon indicating copy to clipboard operation
tiktoken copied to clipboard
verified publisher icon openai

Please commit your Cargo.lock file in the repository

Open charles-dyfis-net opened this issue 2 years ago • 3 comments

Not having a Cargo.lock file makes tiktoken harder to use by projects being packaged for deployment with Nix (which runs builds in a sandbox that only has network access when the hash of the content being downloaded is known ahead-of-time), and exposes users to unexpectedly having different dependency resolutions than a release was tested with upstream.

charles-dyfis-net avatar Aug 17 '23 12:08 charles-dyfis-net

I intend to fix this in poetry2nix, which means that I get to choose the versions of dependencies. If you want to control which crates are used in Nix or other reproducible environments, then (at minimum) you need to add the lockfile to your releases.

MostAwesomeDude avatar Aug 18 '23 16:08 MostAwesomeDude

I second this. Not having having a Cargo.lock makes it hard to use with EasyBuild

VRehnberg avatar Apr 10 '24 12:04 VRehnberg

These are the latest recommendations from the Rust community afaik:

  • https://blog.rust-lang.org/2023/08/29/committing-lockfiles.html
  • https://doc.rust-lang.org/cargo/faq.html#why-have-cargolock-in-version-control
  • https://doc.rust-lang.org/cargo/faq.html#why-do-binaries-have-cargolock-in-version-control-but-not-libraries

VRehnberg avatar Apr 10 '24 14:04 VRehnberg