Rustaceans at the border

Posted Apr 15, 2022 23:14 UTC (Fri) by ssokolow (guest, #94568)
In reply to: Rustaceans at the border by shemminger
Parent article: Rustaceans at the border

Which is why Cargo provides multiple mechanisms for allowing projects to choose a balance that works for them. For example:

  1. By default, it generates a lockfile that stores SHA256 hashes to ensure that an attempt to slip in an unapproved change will fail the fetch.
  2. The cargo vendor command automates the process of vendoring your dependencies so you can have the benefits of a dependency manager without having to rely on an external source for the code.
  3. Should you so choose, Cargo supports overriding package sources to map them to a mirror you control.

Ensuring security shouldn't be any more difficult than with an external C codebase like zstd that you periodically import into your repo.
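
The lockfile check in item 1, as an added sketch that is not part of the comment above and is not Cargo's own code: it reads the `checksum` pinned for a package in a `Cargo.lock` excerpt and compares it with the SHA-256 of the fetched archive bytes. The package names, archive bytes and lockfile excerpt are constructed for the example.

```python
import hashlib
import hmac
import re

# Constructed stand-ins for the bytes of a fetched .crate archive.
GOOD = b"constructed bytes standing in for demo-crate-1.2.3.crate"
TAMPERED = GOOD + b" plus an unapproved change"

# Constructed Cargo.lock excerpt; the checksum is the SHA-256 of GOOD.
# local-helper has no checksum line, as for a path dependency.
LOCK = f'''version = 3

[[package]]
name = "demo-crate"
version = "1.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "{hashlib.sha256(GOOD).hexdigest()}"

[[package]]
name = "local-helper"
version = "0.1.0"
'''

def parse_lock(text):
    """Map (name, version) -> pinned checksum (or None) per [[package]]."""
    pins = {}
    for block in text.split("[[package]]")[1:]:
        fields = dict(re.findall(r'^(\w+) = "([^"]*)"$', block, flags=re.M))
        pins[(fields["name"], fields["version"])] = fields.get("checksum")
    return pins

def verify(pins, name, version, crate_bytes):
    """Return 'ok', 'mismatch' or 'unpinned' for one fetched archive."""
    expected = pins.get((name, version))
    if expected is None:
        return "unpinned"  # nothing in the lockfile to check against
    actual = hashlib.sha256(crate_bytes).hexdigest()
    return "ok" if hmac.compare_digest(actual, expected) else "mismatch"

if __name__ == "__main__":
    pins = parse_lock(LOCK)
    for label, data in (("good", GOOD), ("tampered", TAMPERED)):
        print(label, verify(pins, "demo-crate", "1.2.3", data))
    print("local-helper", verify(pins, "local-helper", "0.1.0", b""))
```

An `unpinned` result is the case to review by hand: the lockfile gives no hash for that entry, so its integrity depends on how the source itself is controlled.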



Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds