Closed
Description
Users could easily lose track of which source files are locally-cached copies of a dependency specified by a URL-like package ID. When rustpkg fetches source from a remote git repo, it should make the local copies read-only. (This won't change anyone from changing permissions on the file, but at least it will force them to think about what they're doing.)
As motivation for this, @metajack pointed out http://forums.thedailywtf.com/forums/t/27755.aspx