As mentioned in this post in the original thread mentioned at the start here, there may be legitimate reasons for diffs between the .crate
and VCS checkout. This includes:
- Git's
export-ignore
attribute that leaves files out of its archives - Git's
export-subst
that does placeholder expansion when inserting content into the archive (note that things like short hashes can change over time as the default short hash length grows as the repository does or collisions appear) - I believe
cargo
itself can ignore files either by configuration or behavior (Cargo.lock
for libraries?) - VCS filters like
git-lfs
orgit-annex
being present and active for a given checkout (I only install LFS hooks per-repo as needed…I hate being surprised with large file downloads on clone) - Submodules probably throw wrenches around here because why not
I can think of ways this can DoS crates.io
(hi there, here's Chromium's repo…).