Remove images from published crates.io source code #618
Conversation
afl/Cargo.toml
Outdated
| @@ -11,6 +11,7 @@ description = "Fuzzing Rust code with american-fuzzy-lop" | |||
| repository = "https://github.com/rust-fuzz/afl.rs" | |||
| homepage = "https://github.com/rust-fuzz/afl.rs" | |||
| edition = "2021" | |||
| include = ["README.md", "build.rs", "src/**/*.rs", "examples/**/*.rs"] | |||
There was a problem hiding this comment.
| include = ["README.md", "build.rs", "src/**/*.rs", "examples/**/*.rs"] | |
| exclude = ["etc"] |
I am afraid the include would cause something to break down the road, and that I would forget it was there.
Could I impose on you to make the same change here?
Lines 14 to 15 in 924fe86
There was a problem hiding this comment.
Sure, no problem
I've pushed an update changing that.
I personally prefer the explicit include syntax as it also prevents accidentally including other stuff that happens to be around while doing a cargo publish.
There was a problem hiding this comment.
I personally prefer the explicit include syntax as it also prevents accidentally including other stuff that happens to be around while doing a cargo publish.
Your point is well taken, and I might change my mind in six months. :)
Thanks again. 🙏
While reviewing dependencies I noticed that the published source code of the `afl` crate includes binary data (images). Removing them reduces the size of the published tar-ball from 1.3MB to 6KB, which is a size reduction of several orders of magnitude. This would save crates.io more than 125GB of traffik per 90 days according to their download numbers. There are two main benifits of that change: * Drastical reduction of download size * Removes binary data from a crates that contains a build script, which hopefully makes the crate a bit more robust against potential supply chain attacks similar to the xz incident. The images seem to be used in the Readme. I've replaced them with links to the images hosted at github there so that the readme is still rendered correctly at crates.io.
weiznich
force-pushed
the
feature/remove_pictures
branch
from
dfa27e6 to
f662d19
Compare
While reviewing dependencies I noticed that the published source code of the
aflcrate includes binary data (images). Removing them reduces the size of the published tar-ball from 1.3MB to 6KB, which is a size reduction of several orders of magnitude. This would save crates.io more than 125GB of traffik per 90 days according to their download numbers.There are two main benifits of that change:
The images seem to be used in the Readme. I've replaced them with links to the images hosted at github there so that the readme is still rendered correctly at crates.io.