The recent blog about new malware policy popped an idea / question into my brain.
When cargo does its magic and looks at the registry when I compile something, does it, or could it trigger a warning if I have a dependency on a crate that is in the rustsec list?
To help confirm that nobody is using a bad crate that they used before with no problem before it was in the rustsec list.
2 Likes
Yes, but groundwork needs to be laid. The first step is support in crates.io, which recently happened. For more on where this could go, see "This Development-cycle in Cargo: 1.78" on the Inside Rust Blog.
3 Likes
Isn't this exactly what cargo-audit does?
2 Likes
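The check discussed in this thread, matching the crates pinned in a `Cargo.lock` against a list of advisories, sketched as an added example (not code from cargo, cargo-audit or RustSec). The `Advisory` struct is a simplified, assumed shape with a single patched version, and every crate name, version and advisory ID is constructed.

```rust
// Simplified advisory shape (assumed); all names, versions and IDs below are constructed.
struct Advisory { id: &'static str, krate: &'static str, patched: &'static str }

/// Parse "MAJOR.MINOR.PATCH"; pre-release/build suffixes are dropped (full semver would not).
fn parse_version(v: &str) -> Option<(u64, u64, u64)> {
    let core = v.split(|c: char| c == '-' || c == '+').next()?;
    let mut parts = core.split('.').map(|p| p.parse::<u64>().ok());
    Some((parts.next()??, parts.next()??, parts.next()??))
}

/// Collect (name, version) per [[package]] table; the top-level `version = N` has no name and is skipped.
fn locked_packages(lock: &str) -> Vec<(String, String)> {
    let (mut out, mut name) = (Vec::new(), None::<String>);
    for line in lock.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None;
        } else if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            if let Some(n) = name.take() { out.push((n, v.trim_matches('"').to_string())); }
        }
    }
    out
}

/// One warning per locked package that is older than an advisory's patched version.
fn audit(lock: &str, advisories: &[Advisory]) -> Vec<String> {
    let mut findings = Vec::new();
    for (name, version) in locked_packages(lock) {
        for adv in advisories.iter().filter(|a| a.krate == name) {
            match (parse_version(&version), parse_version(adv.patched)) {
                (Some(have), Some(fixed)) if have >= fixed => {} // already patched
                (Some(_), Some(_)) => findings.push(format!("{} {}: {}", name, version, adv.id)),
                _ => findings.push(format!("{} {}: unparsable version, review {}", name, version, adv.id)),
            }
        }
    }
    findings
}

const SAMPLE_LOCK: &str = "version = 3\n\n[[package]]\nname = \"example-parser\"\nversion = \"0.4.1\"\n\n[[package]]\nname = \"example-http\"\nversion = \"2.3.0\"\n";
fn sample_advisories() -> Vec<Advisory> {
    vec![Advisory { id: "RUSTSEC-0000-0000", krate: "example-parser", patched: "0.4.2" },
         Advisory { id: "RUSTSEC-0000-0001", krate: "example-http", patched: "2.1.5" }]
}

fn main() {
    for f in audit(SAMPLE_LOCK, &sample_advisories()) { println!("warning: {}", f); }
}
```

Because the check runs against the lockfile rather than at publish time, a crate that built cleanly before its advisory existed is flagged the next time the check runs.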
Thanks to you both for the info and thank you to rustsec.