Cargo install and lock file


#1

Is this normal behavior that cargo install don’t respect lock file and downloads/compiles newest versions of dependencies? There’s no versions specified in toml file.


#2

Cargo.lock isn’t included in the package uploaded to crates.io, so there’s no way for cargo install to use the lockfile for these packages. This feels like a bug, especially because installing the same package using cargo install --git <repo> will correctly use the lockfile.

I filed an issue to for this: https://github.com/rust-lang/cargo/issues/2263


#3

Thanks!