Rust’s Cargo team used to recommend committing Cargo.lock for files with binaries but not libraries, but now says do what is best for your project. Credit: cortixxx Rather than encouraging Rust developers to commit their Cargo.lock file for packages with binaries but not libraries, Rust’s Cargo team now recommends developers do whatever is best for their project. The change in guidance, from the team behind the Rust package manager, is being made in light of the Rust language becoming more mainstream. A Cargo.lock lockfile is intended to describe state at the time of a successful build. In recommending people do what is best for the project, the team still suggests committing Cargo.lock as the starting point of their decision making. The cargo new command will no longer ignore Cargo.lock for libraries. The Cargo team encourages regular testing against latest dependencies. In a bulletin published August 29, the Cargo team said that the old guidelines ensured libraries tested their latest dependencies, helping to maintain high quality within Rust’s package ecosystem by ensuring issues, particularly backward compatibility, were quickly resolved. The team believed it helped promote a “culture of quality” in the nascent ecosystem. But there have been downsides, such as removing history from the code bases, making bisecting to find the root cause of a bug more difficult for maintainers. And confusion could result for contributors, from an unreliable CI (continuous integration) when a dependency is removed or a new release has a bug. Since this guideline was written, Rust has moved from being a language for early adopters to being more mainstream; the on-boarding experience of new Rust developers must be kept in mind. Wider adoption also means it is not always practical to assume everyone is using the latest Rust release. Further, the wider ecosystem has seen CI become easier to set up and maintain. Products such as Dependabot and Renovate have opened up options besides having version control ignore Cargo.lock to test new dependencies. The Cargo team now believes it is best to leave the choice to developers while giving them the information needed to make a decision. Developers can offer feedback on this policy on GitHub, or they can reach out to the Cargo team on Zulip. Related content feature What is Rust? Safe, fast, and easy software development Unlike most programming languages, Rust doesn't make you choose between speed, safety, and ease of use. Find out how Rust delivers better code with fewer compromises, and a few downsides to consider before learning Rust. By Serdar Yegulalp Nov 20, 2024 11 mins Rust Programming Languages Software Development how-to Kotlin for Java developers: Classes and coroutines Kotlin was designed to bring more flexibility and flow to programming in the JVM. Here's an in-depth look at how Kotlin makes working with classes and objects easier and introduces coroutines to modernize concurrency. By Matthew Tyson Nov 20, 2024 9 mins Java Kotlin Programming Languages analysis Azure AI Foundry tools for changes in AI applications Microsoft’s launch of Azure AI Foundry at Ignite 2024 signals a welcome shift from chatbots to agents and to using AI for business process automation. By Simon Bisson Nov 20, 2024 7 mins Microsoft Azure Generative AI Development Tools news Microsoft unveils imaging APIs for Windows Copilot Runtime Generative AI-backed APIs will allow developers to build image super resolution, image segmentation, object erase, and OCR capabilities into Windows applications. By Paul Krill Nov 19, 2024 2 mins Generative AI APIs Development Libraries and Frameworks Resources Videos