Unexpected binaries in the published crate

Question

Unexpected binaries in the published crate

FauxFaux opened this issue 5 years ago · 3 comments

A concerned citizen, although apparently not concerned enough to use github, has noticed something that concerns them.
Some binaries, named vim10m_match and vim10m_table, have made it into the vte 0.3.3 release on crates.io, visible https://docs.rs/crate/vte/0.3.3/source/

These binaries then get vendor'd into the actual rustc source downloads.

Could you please do a release which.. doesn't have random binaries, and other unpublished code, in?

Answer 1 · 2019-09-27T17:07:07.000Z

Browsing the link you provided, there's a vim10m.rs file that looks familiar. I need to check my other machine, but I believe that's code related to some experimenting I did a long time ago. I guess cargo must bundle whatever is in the working directory? Or at least did at the time..

I'll report back on that. We can certainly publish a clean version in any case.

Answer 2 · 2019-09-27T21:32:41.000Z

I believe cargo publish (nowadays) tries hard to not publish uncommitted stuff, but maybe you were on a branch, or something. All good!

Answer 3 · 2020-01-20T21:27:08.000Z

@chrisduerr I feel like this should be closed now, since we've released v0.4.0 and v0.5.0 already.