Article 73NDE An update to the malicious crate notification policy (Rust Blog)

An update to the malicious crate notification policy (Rust Blog)

by
jzb
from LWN.net on (#73NDE)

Adam Harvey, on behalf of the crates.ioteam has published a blogpost to inform users of a change in their practice of publishinginformation about malicious Rust crates:

The crates.io team will no longer publish a blog post each time amalicious crate is detected or reported. In the vast majority of casesto date, these notifications have involved crates that have noevidence of real world usage, and we feel that publishing these blogposts is generating noise, rather than signal.

We will always publish a RustSecadvisory when a crate is removed for containing malware. You cansubscribe to the RustSecadvisory RSS feed to receive updates.

Crates that contain malware and are seeing real usage orexploitation will still get both a blog post and a RustSecadvisory. We may also notify via additional communication channels(such as social media) if we feel it is warranted.

External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments