
Rustaceans at the border

Posted Apr 15, 2022 20:20 UTC (Fri) by shemminger (subscriber, #5739)
Parent article: Rustaceans at the border

Seems like getting a secure language with the insecurity of an external package system would be a bad tradeoff.


Rustaceans at the border

Posted Apr 15, 2022 23:14 UTC (Fri) by ssokolow (guest, #94568)

Which is why Cargo provides multiple mechanisms for allowing projects to choose a balance that works for them. For example:
  1. By default, it generates a lockfile that stores SHA256 hashes to ensure that an attempt to slip in an unapproved change will fail the fetch.
  2. The cargo vendor command automates the process of vendoring your dependencies so you can have the benefits of a dependency manager without having to rely on an external source for the code.
  3. Should you so choose, Cargo supports overriding package sources to map them to a mirror you control.
Ensuring security shouldn't be any more difficult than with an external C codebase like zstd that you periodically import into your repo.
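The three mechanisms listed in this comment can be checked mechanically. The script below is an added example, not code from the thread or from Cargo itself: it reads the checksum that `Cargo.lock` records for a package, compares it with the SHA-256 of a downloaded `.crate` archive (a tampered archive fails the check, which is what Cargo's fetch step enforces), and writes the `.cargo/config.toml` source-replacement stanza that points crates.io at a `vendor/` directory, as produced by `cargo vendor`. The package name, version, archive contents and lockfile are constructed for the demo; the script assumes `sha256sum` or `shasum` is on the PATH.

```shell
#!/bin/sh
# Added example: check a crate archive against the checksum in Cargo.lock and
# write a vendored-source override. All fixture data below is constructed.
set -eu

# SHA-256 of a file as a lowercase hex string (GNU coreutils or BSD/macOS tools).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Print the checksum Cargo.lock records for NAME at VERSION (empty if absent).
# Cargo.lock is a sequence of [[package]] tables with name/version/checksum keys.
lock_checksum() {
    lockfile=$1; name=$2; version=$3
    awk -v n="$name" -v v="$version" '
        /^\[\[package\]\]/ { pn = ""; pv = "" }
        /^name = /         { gsub(/"/, "", $3); pn = $3 }
        /^version = /      { gsub(/"/, "", $3); pv = $3 }
        /^checksum = / && pn == n && pv == v { gsub(/"/, "", $3); print $3; exit }
    ' "$lockfile"
}

# Succeed only when ARCHIVE hashes to the checksum recorded for NAME/VERSION.
verify_crate() {
    lockfile=$1; name=$2; version=$3; archive=$4
    expected=$(lock_checksum "$lockfile" "$name" "$version")
    if [ -z "$expected" ]; then
        echo "no checksum for $name $version in $lockfile" >&2
        return 1
    fi
    actual=$(file_sha256 "$archive")
    [ "$expected" = "$actual" ]
}

# Write the .cargo/config.toml stanza that redirects crates.io to ./vendor,
# i.e. the text `cargo vendor` prints for you to paste into your config.
write_vendor_config() {
    dir=$1
    mkdir -p "$dir/.cargo"
    cat > "$dir/.cargo/config.toml" <<'EOF'
[source.crates-io]
replace-with = "vendored-sources"

[source.vendored-sources]
directory = "vendor"
EOF
}

# Demo on constructed data: a fake archive, a matching lockfile entry, a
# tampered archive, and the vendor override. Returns 0 when all behave as expected.
demo() {
    tmp=$(mktemp -d)
    crate="$tmp/example-crate-1.2.3.crate"
    printf 'pretend crate tarball bytes\n' > "$crate"
    sum=$(file_sha256 "$crate")
    cat > "$tmp/Cargo.lock" <<EOF
# This file is automatically @generated by Cargo.
version = 3

[[package]]
name = "example-crate"
version = "1.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "$sum"
EOF
    # 1. Untouched archive matches the lockfile entry.
    verify_crate "$tmp/Cargo.lock" example-crate 1.2.3 "$crate" || return 1
    # 2. A modified archive (an "unapproved change") must be rejected.
    printf 'injected bytes\n' >> "$crate"
    if verify_crate "$tmp/Cargo.lock" example-crate 1.2.3 "$crate" 2>/dev/null; then
        return 1
    fi
    # 3. A version that is not in the lockfile is also rejected.
    if verify_crate "$tmp/Cargo.lock" example-crate 9.9.9 "$crate" 2>/dev/null; then
        return 1
    fi
    # 4. The source override points crates.io at the vendored directory.
    write_vendor_config "$tmp"
    grep -q 'replace-with = "vendored-sources"' "$tmp/.cargo/config.toml" || return 1
    rm -rf "$tmp"
    return 0
}

demo && echo "lockfile checksum check and vendor override: OK"
```

The checksum check is the same comparison Cargo performs when it fetches a registry crate; keeping `Cargo.lock` under version control is what makes a substituted archive fail that fetch. With the override in place, `cargo build` never contacts crates.io, so the vendored tree is reviewed and imported on your own schedule, much like the periodically imported C dependency mentioned above.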


Copyright © 2026, Eklektix, Inc.