Change config paths to only check CARGO_HOME for cargo-script by 0xPoe · Pull Request #14749 · rust-lang/cargo (original) (raw)

Conversation

This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters

[ Show hidden characters]({{ revealButtonHref }})

What does this PR try to resolve?

ref #12207 (comment)
After this change, we will only check the configs from the CARGO_HOME.

How should we test and review this PR?

The test has been updated.

Additional information

r? @epage

@epage Even I found the code and changed it. But I am a little confused about your comments.

When we talked about this as a Cargo team, we decided this need to reload to cargo home, like cargo install does, to avoid downloading a script and being subject to spurious files in your ~/Downloads, at the cost of losing the config from your repo.

What do you mean by downloading a script? And what kind of spurious files might end up being created? I thought it only read the config files.

What do you mean by downloading a script? And what kind of spurious files might end up being created? I thought it only read the config files.

If I download a script off the internet, my browser will put it in ~/Downloads. That is a grab bag directory with who knows what in it. A user might have extracted a project into that directory to look at that could have dropped a .cargo/config.toml into it. The concern is with that being used when it wasn't intended. That unfortunately means we'll not load any config for cargo scripts.

0xPoe marked this pull request as ready for review