Mike Gerwitz

Activist for User Freedom

aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMike Gerwitz <mike.gerwitz@ryansg.com>2021-12-02 11:34:56 -0500
committerMike Gerwitz <mike.gerwitz@ryansg.com>2021-12-02 11:49:51 -0500
commit87c457ba41a146400dd4ae9d141925d781ae37b1 (patch)
tree8c1af22c246a126fafe2834960068b70426ba1dc /tamer/tests/tameld.rs
parent54531e228486cfc2fb381c90e4425fc67ea8db7b (diff)
downloadtame-87c457ba41a146400dd4ae9d141925d781ae37b1.tar.gz
tame-87c457ba41a146400dd4ae9d141925d781ae37b1.tar.bz2
tame-87c457ba41a146400dd4ae9d141925d781ae37b1.zip
tamer: cargo --frozen --offline
Cargo's default behavior is unfortunately to issue network calls each time it is invoke in order to check for dependencies updates. This is not only bad for reproducibility and privacy, but it's also a concern for supply chain attacks, since most developers are unaware that this is occurring. Instead, we pin to the lockfile. Installing dependencies can be done with `cargo fetch` and updating dependencies must be explicitly done by the developer, with the lockfile updated.
Diffstat (limited to 'tamer/tests/tameld.rs')
0 files changed, 0 insertions, 0 deletions