To comply with DMCA, we need a guaranteed way to contact publishers of content on crates.io. We've added the ability to verify your email address associated with your crates.io account, and we're going to require a verified email address to be able to cargo publish
to crates.io starting on 2019-02-28 (coinciding with the release of Rust 1.33.0).
Starting with stable Rust 1.32.0 that will be released on 2019-01-17, if you run cargo publish
using stable Rust and you have not verified an email address, the publish will work but you'll see a warning encouraging you to verify an email address before 2019-02-28. We'll warn for that whole release cycle. The warning will look something like this (exact wording is yet to be determined):
Starting on that date, if you run cargo publish
with any Rust version and have not verified an email address, the publish won't work and you'll get an error that says you need to verify an email address. The error will look something like this (exact wording is yet to be determined):
You can verify or change your email at any time by logging in to crates.io, clicking on your icon/name in the upper right, choosing "Account Settings" from the menu, and going to the "User Email" section.
Some implementation details:
- The verified email address is not associated at all to the email address that may optionally appear in the
authors
metadata in the crate'sCargo.toml
. - Your verified email address won't be displayed anywhere publicly (unless you choose to place it in your
Cargo.toml
as well). - This email will only be used to contact you for crates.io operational needs and will never be shared with any third parties.
- Only the crate owner running
cargo publish
will need to have their email address verified. - The email address will be saved with the particular version being published at publish time, so that if an owner is removed from the crate or removes their email address, it's still available with the published content.