crates.io: an update to the malicious crate notification policy (blog.rust-lang.org)

submitted 1 day ago by nemeski@mander.xyz to c/rust@programming.dev

2 comments fedilink hide all child comments

top 2 comments

sorted by: hot top controversial new old

[-] ISO@lemmy.zip 5 points 1 day ago* (last edited 1 day ago)

Good move, removing some incentive from the security theater industry to exaggerate, or even manufacture, problems then "solving" them, while gaining some free ad space and "credibility" in the process, which is something I already pondered in a previous thread that had a bad smell.

[-] kbal@fedia.io 2 points 1 day ago

Reported: December 9, 2025
Issued: February 12, 2026

Does this mean it took two full months from the time some obvious "typosquat" packages got added and immediately reported before they were removed? That's for the "finch" ones, looks like they got the others right away. Maybe they were not so obvious?

this post was submitted on 13 Feb 2026

19 points (100.0% liked)

Rust

7769 readers

4 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

EdTheLegendary@programming.dev

kahnclusions@programming.dev

torcherist@programming.dev