Security advisory: malicious crate rustdecimal
https://blog.rust-lang.org/2022/05/10/malicious-crate-rustdecimal.html
@gnarly_parker if only one could automate such a task ;)
@lritter Yeah... it's time. Lots of people have been trying to warn everyone. The fact that the Rust ecosystem is so utterly and completely complected with Cargo is the main reason I've tossed my hands up and walked away from Rust.
@lritter Which is a shame because the language itself is awesome and useful and worth keeping.
But I don't know if I have the power to struggle against the tides all the damned time.
@lritter But surely for Scopes/Frameloop you've got lots of prior art to learn from out there by now. :D
@photex for scopes, I wrote Major EO (majoreo.rocks), which is a project-based package manager that doesn't publish to or pull from a central repository, and in fact actively encourages personal preferences.
frameloop is by design sandboxed, so the existence of malicious programs means we need to fix the runtime.
@lritter I always wonder, for those they find, how many are there that they don't find. Package repositories, docker registries... Endless possibilities. ⌨️ 🐒