|author||Mike Gerwitz <email@example.com>||2021-12-02 11:34:56 -0500|
|committer||Mike Gerwitz <firstname.lastname@example.org>||2021-12-02 11:49:51 -0500|
tamer: cargo --frozen --offline
Cargo's default behavior is unfortunately to issue network calls each time it is invoke in order to check for dependencies updates. This is not only bad for reproducibility and privacy, but it's also a concern for supply chain attacks, since most developers are unaware that this is occurring. Instead, we pin to the lockfile. Installing dependencies can be done with `cargo fetch` and updating dependencies must be explicitly done by the developer, with the lockfile updated.
Diffstat (limited to 'tamer/tests/tameld.rs')
0 files changed, 0 insertions, 0 deletions