evujumenuk

It’s been a while since I last touched Rust, but there’s a discussion on whether to commit Cargo lockfiles to version control, and the consensus is basically that you should do it if your crate is primarily a binary, and, conversely, you shouldn’t if it’s primarily a library. It acknowledges that code at the apex of the dependency graph should follow different rules than everything below it, and this kind of reasoning could apply to licenses in similar ways.

That’s the most sensible thing I’ve read all day. I think much of the reasoning for Cargo lockfiles could apply here as well.