Security advisory: malicious crate rustdecimal
@lritter I always wonder, for those they find, how many there are that they don't find. Package repositories, docker registries... Endless possibilities. ⌨️ 🐒
@lritter Yeah... it's time. Lots of people have been trying to warn everyone. The fact that the Rust ecosystem is so utterly and completely complected with Cargo is the main reason I've tossed my hands up and walked away from Rust.
@lritter Which is a shame because the language itself is awesome and useful and worth keeping.
But I don't know if I have the power to struggle against the tides all the damned time.
@lritter But surely for Scopes/Frameloop you've got lots of prior art to learn from out there by now. :D
@photex for scopes, I wrote Major EO (majoreo.rocks), which is a project-based package manager that doesn't publish or pull from a central repository, and in fact actively encourages personal preferences.
frameloop is by design sandboxed, so existence of malicious programs means we need to fix the runtime.