We have a new post up on our blog -- if you're not able to use Rust at work because policies prevent you from installing crates from crates.io, we'd like to hear from you about what exactly you'd need! Details are in the post about what we're looking for. We'd love to provide a product or service that would help more companies adopt Rust
I'd love an easy way to host and manage private, closed source crates. It would simplify a few things for us. We are already using rust in production so obviously it wasn't a deal breaker.
Similar story here.
For Python and JS, we use internal registries that keep local caches of packages requested (at the time of the request) which is really nice since it means we don't need to mirror the universe.
It also affords us a place to publish packages we don't plan to open source, which in the case of rust, I suppose we could simply rely on our internal fit git repos, but having a registry is preferred for discoverability.
We don't have any real requirements for ACL or auth schemes, though we tend to run package releases through CI so having a non-interactive way to publish is helpful.
To give feedback, my own companies are pretty open and would allow directly using cargo.
Would be interesting if such a tool had marketplace like functionality allowing people to sell their own crates. And of course you guys take a cut.
At work I use it in such way:
[dependicies]
crate_name = { git = "url/to/private/repo", rev = "fdafaf" }
what additional functionality you want?
The ability to pin against a version instead of a hash. Version numbers can convey a lot of information that hashes can't. "Is X higher than Y" "Where there breaking changes between these releases?"
you could just create a git tag and then:
[dependecies]
crate_name = { git = "/url/to/private/repo", tag = "{your.tag.version}" }
look here
It'd be nice if you can have an internal crates server where you are able to push internal projects so it can be used inside the company. At the moment I'm just specifying dependencies as git repos, but then you lose a lot of the version information.
There should be a config file in ~/.cargo/
where you can tell it "here's the URL for crates.io". That way using your internal server is just a case of overriding the default and pointing it at your company's server.
Also, if it can act as a cache to decrease download times or if crates.io ever goes down (or someone accidentally goes and digs up the fibre optic cables carrying your internet), that would be reassuring for management.