Rust

7689 readers

26 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 2 years ago

MODERATORS

snowe@programming.dev

Ategon@programming.dev

EdTheLegendary@programming.dev

kahnclusions@programming.dev

torcherist@programming.dev

How Safe is the Rust Ecosystem? A Deep Dive into crates.io (mr-leshiy-blog.web.app)

submitted 1 week ago by codeinabox@programming.dev to c/rust@programming.dev

5 comments fedilink hide all child comments

cross-posted from: https://lemmy.bestiver.se/post/854816

Comments

you are viewing a single comment's thread
view the rest of the comments

[–] FizzyOrange@programming.dev 4 points 1 week ago (1 children)

Yeah unfortunately these numbers don't really allow any conclusions to be drawn at all.

Also they're not really related to supply chain security which is more about deliberate subterfuge. I think the interesting stat there would be how many authors are being trusted typically for each crate.

[–] MoSal@programming.dev 2 points 1 week ago

I have the feeling that this wasn't even done properly (e.g. checking default versions only). Using downloads alone is also not a good filter.

I may give this some time tomorrow and provide my own numbers.