submitted 5 months ago by joojmachine@lemmy.ml to c/linux@lemmy.ml
[-] delirious_owl@discuss.online 2 points 5 months ago

I wait until cargo is actually secure.

[-] uhN0id@programming.dev 1 points 5 months ago
[-] delirious_owl@discuss.online 5 points 5 months ago

It doesn't verify downloads are authentic. It's an issue with almost all programming dependency managers besides mature ones like Java's Maven.

Python has been working with Facebook to fix this in pip for like a decade.

But obviously it shows that Rust isn't so concerned about security.

[-] uhN0id@programming.dev 3 points 5 months ago

Ah interesting. Thank you, you're giving me something to read about that I never considered for crates. I guess I just assumed because of the scrutiny Rust was built with and continues to go through that it would also apply to verifying crates. I have definitely heard about it with NPM so it should have been obvious that it might not be any different for crates. Thanks again!

this post was submitted on 31 May 2024
306 points (98.4% liked)
