The recent blog post about the new malware policy popped an idea / question into my brain.
When cargo does its magic and looks at the registry when I compile something, does it, or could it, trigger a warning if I have a dependency on a crate that is in the rustsec list?
To help confirm that nobody is using a bad crate that they had used before with no problem, before it was in the rustsec list.
Yes, but groundwork needs to be laid. The first step is support in crates.io, which recently happened. For more on where this could go, see This Development-cycle in Cargo: 1.78 | Inside Rust Blog
Isn't this exactly what cargo-audit does?
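For readers who have not looked at what cargo-audit actually does: it reads the project's Cargo.lock and compares every locked package against the RustSec advisory database, reporting packages whose version falls outside the advisory's "patched" ranges. The block below is an added example illustrating that mechanism; it is not code from this thread, from cargo-audit or from RustSec. The lockfile contents, the crate names (`widget-parser`, `safe-helper`), the versions and the advisory IDs (`EXAMPLE-0001`, `EXAMPLE-0002`) are all constructed for the example and are not real crates or real advisories. Real advisories use the full semver requirement syntax; this toy version only models ">= lower, < upper" ranges.

```rust
// Added example: a minimal offline check of a Cargo.lock against a list of
// advisories, in the spirit of what cargo-audit does with the RustSec
// database. All crate names, versions and advisory IDs below are constructed
// for illustration; none of them are real RustSec entries.

#[derive(Debug, Clone, Copy, PartialEq, Eq, PartialOrd, Ord)]
struct Version(u64, u64, u64);

impl Version {
    /// Parse "MAJOR.MINOR.PATCH", ignoring any pre-release or build suffix.
    fn parse(s: &str) -> Option<Version> {
        let core = s.split(|c: char| c == '-' || c == '+').next()?;
        let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
        let major = parts.next()??;
        let minor = parts.next()??;
        let patch = parts.next()??;
        Some(Version(major, minor, patch))
    }
}

/// One locked dependency as recorded in Cargo.lock.
#[derive(Debug, PartialEq, Eq)]
struct Package {
    name: String,
    version: Version,
}

/// Parse the `[[package]]` tables of a Cargo.lock. Only `name` and `version`
/// are needed for the check, so every other key in each table is skipped.
fn parse_lockfile(text: &str) -> Vec<Package> {
    fn push(pkgs: &mut Vec<Package>, name: &mut Option<String>, version: &mut Option<Version>) {
        if let (Some(n), Some(v)) = (name.take(), version.take()) {
            pkgs.push(Package { name: n, version: v });
        }
    }
    let mut pkgs = Vec::new();
    let (mut name, mut version) = (None, None);
    for line in text.lines().map(str::trim) {
        if line == "[[package]]" {
            push(&mut pkgs, &mut name, &mut version);
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            // The top-level `version = 3` lockfile format line fails to parse
            // as a semver triple and is therefore ignored.
            version = Version::parse(v.trim_matches('"'));
        }
    }
    push(&mut pkgs, &mut name, &mut version);
    pkgs
}

/// A constructed advisory: the affected crate, a hypothetical ID, and the
/// version ranges that carry the fix (lower bound inclusive, optional upper
/// bound exclusive). A version matching none of the ranges is reported.
struct Advisory {
    id: &'static str,
    package: &'static str,
    patched: &'static [(Version, Option<Version>)],
}

fn is_patched(adv: &Advisory, v: Version) -> bool {
    adv.patched
        .iter()
        .any(|(lo, hi)| v >= *lo && hi.map_or(true, |h| v < h))
}

/// Cross every locked package with every advisory for that crate name and
/// return (advisory id, "crate x.y.z") for each unpatched match.
fn audit(packages: &[Package], advisories: &[Advisory]) -> Vec<(String, String)> {
    let mut findings = Vec::new();
    for p in packages {
        for a in advisories.iter().filter(|a| a.package == p.name) {
            if !is_patched(a, p.version) {
                let Version(x, y, z) = p.version;
                findings.push((a.id.to_string(), format!("{} {}.{}.{}", p.name, x, y, z)));
            }
        }
    }
    findings
}

// Constructed sample lockfile (not a real project).
const SAMPLE_LOCK: &str = r#"
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "example-app"
version = "0.1.0"
dependencies = [
 "safe-helper",
 "widget-parser",
]

[[package]]
name = "safe-helper"
version = "2.3.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "widget-parser"
version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

// Constructed advisories (hypothetical IDs and crates, not RustSec data).
static ADVISORIES: &[Advisory] = &[
    Advisory {
        id: "EXAMPLE-0001",
        package: "widget-parser",
        patched: &[(Version(1, 4, 3), Some(Version(2, 0, 0))), (Version(2, 0, 1), None)],
    },
    Advisory {
        id: "EXAMPLE-0002",
        package: "safe-helper",
        patched: &[(Version(2, 2, 0), None)],
    },
];

fn run_sample() -> Vec<(String, String)> {
    audit(&parse_lockfile(SAMPLE_LOCK), ADVISORIES)
}

fn main() {
    let findings = run_sample();
    for (id, pkg) in &findings {
        println!("{}: {} is affected and not patched", id, pkg);
    }
    // Like cargo-audit, fail the build step when anything is found.
    if !findings.is_empty() {
        std::process::exit(1);
    }
}
```

Run it with `rustc` and the sample reports `widget-parser 1.4.2` under `EXAMPLE-0001` (1.4.2 is below the 1.4.3 fix in the 1.x line) while `safe-helper 2.3.0` is silent because it is at or above the patched bound. The real tool does the same matching with the full semver requirement grammar and a cloned copy of the advisory database, which is why it needs a network fetch on first use.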
Thanks to you both for the info and thank you to rustsec.