Thanks for your detailed input, I’m glad to hear that there is a team that does look out for things at crates.io, and that I can host my own registry.

I’ve been wanting to write rust for quite some time, but I can’t get over crates. The system just seems insecure to me. What happens in 10 years when the servers go down? Is there any sort of mitigation for supply chain attacks? As I understand it anyone can submit code; what’s stopping someone from putting malicious code into a crate I’ve been using?

I suppose these are risks for any third party package system though.

I’ve used Flutter infrequently and have experienced things like this with their package system.

Mine too!

Always, and at work too.

I thought so too!

Uhhh

https://youtu.be/ZJOfyMCEzjQ?si=nEff3VlOaLXuUEPS

It’s stroganoff Thursday!

This.

EE Here, I like this answer.