Idea: The “left-pad index”, a score for Rust crates that combines small size with popularity. The goal would be to find potential candidates for additions to the standard library, or at least merging into larger crates.
-
Someone publishing a new release of a package like that containing malware, i.e. a software supply chain attack.
Ah I see. We're planning some protections against that soon. Regardless, malware of any kind is against the ToS and will be taken down if discovered
-
-
Yeah, to be clear the attack only affects those who "cargo update", and only until the attack is discovered. But with large enough downloads and a long enough window-of-compromise, the attack can still be bad. Interesting paper on this: https://www.usenix.org/system/files/sec19-zimmermann.pdf …
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.