Security advisory for crates.io, 2020-07-14

3 Likes

tl;dr - crates.io has been using an insecure RNG for generating API keys and used to store them in plaintext. Even though there's no evidence suggesting this has been expoited, all existing API keys have been revoked, so if you want to publish crates, you have to create a new one at crates.io/me.

1 Like