Hi,
I'm having a really hard time making Cargo.toml/Cargo.lock package resolution in cargo-crev correct.
When the user does cargo crev verify we want to get the package set exactly like cargo build would use, include handling of things like feature flags, cfg, --no-dev-dependencies, etc. This should take into consideration existing Cargo.lock
I was recently notified that latest implementation is ignoring Cargo.lock file, which was broken in a change where I fixed --no-dev-dependencies flag.
Before attempting to again figure out the right approach, I decided to just admit that it's beyond me, and I don't have have a good grasp of the nomenclature used in cargo and its library. I wish the documentation there was a bit more verbose and explain in more details what is what.
PR fix the problem would be great, but if you can just point me to existing implementations doing roughly the same thing, or some documentation that would make my understanding of the whole thing more solid, that would be great too. Thanks a lot!