1. Forum
  2. tqwNet
  3. TQW LINUX

  • An update to the malicious crate notification policy (Rust Blog)

    From LWN.net@1337:1/100 to All on Wed Feb 18 14:45:06 2026
    An update to the malicious crate notification policy (Rust Blog)

    Date:
    Wed, 18 Feb 2026 14:35:25 +0000

    Description:
    Adam Harvey, on behalf of the crates.io
    team has published a blog
    post to inform users of a change in their practice of publishing
    information about malicious Rust crates: The crates.io team will no longer publish a blog post each time a
    malicious crate is detected or reported. In the vast majority of cases
    to date, these notifications have involved crates that have no
    evidence of real world usage, and we feel that publishing these blog
    posts is generating noise, rather than signal. We will always publish a RustSec advisory when a crate is removed for containing malware. You can subscribe to the RustSec
    advisory RSS feed to receive updates. Crates that contain malware and are seeing real usage or
    exploitation will still get both a blog post and a RustSec
    advisory. We may also notify via additional communication channels
    (such as social media) if we feel it is warranted.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1059338/


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)