Open
Description
Problem
Installing binaries using cargo install --version <version> <crate>
will fail if version is yanked.
Crates can be yanked for different reasons. While some of those reasons are security related, not all are. Even for security related reasons, blocking the install of yanked tools is disruptive. Teams may need time to update CI, install scripts, systems, to be able to upgrade to a new version.
In CI systems it breaks and prevents reproducibility when versions of tools can disappear.
Proposed Solution
Add an option --allow-yanked
to allow installing yanked binaries.
Or, change the --force
option to allow installing yanked binaries.
Notes
No response
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Metadata
Assignees
Labels
Area: yanked dependenciesArea: yanked dependenciesCategory: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Category: proposal for a feature. Before PR, ping rust-lang/cargo if this is not `Feature accepted`Status: This issue is waiting on initial triage.Status: This issue is waiting on initial triage.