Limit registry-index dependency field to registry sources only
#15503
Labels
A-manifest
Area: Cargo.toml issues
C-enhancement
Category: enhancement
Command-package
Command-publish
S-accepted
Status: Issue or feature is accepted, and has a team member available to help mentor or review
Comments
epage
added
Command-publish
Command-package
A-manifest
|
We could have the manifest parser error if the Source is not a Registry. That might cause problems with the verify step though. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
When publishing a package with a custom registry, Cargo resolves the dependency
registryfield toregistry-index(#14500). However,registry-indexis for internal purposes only and this is not intended as a means for people to bypass the need for.cargo/config.toml(see #12738 for that use case).We should look into a way to close this hole to avoid people relying on it unintentionally.
The text was updated successfully, but these errors were encountered: