You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Would there be an interest of community "hardened" or "moderated" crates.io [registeries] reflector source that essentially filters to cargo automatically by-community-input on crates that are available to cargo via it's index ?
Essentially this would combine several tools - we could use registry hostname identifier which set of "exclusions" are to be used via the reflection.
_NOTE: I am not sure yet whether "private" community registry would work properly with the current cargo as I haven't tested doing this but there is a flag and [registry] - However even without current support it would be nice to discuss the prospect / benefits / cons _
Use-Cases
Filter-blacklist by yank & Advisory DB - OR -
Redirect to "last working or presumed secure version" (.lock will fail though)
Build w/ .lock's that refer to insecure / yank versions will fail
Logistics
I already have everything via my effort on geiger.rs except how the cargo interacts with the index / registry that I would need to roll the respective API as well as RBL style DNS naming to reflect included sets of deny/redirect-filter list.
Just a wild idea
Would there be an interest of community "hardened" or "moderated" crates.io [registeries] reflector source that essentially filters to cargo automatically by-community-input on crates that are available to cargo via it's index ?
Essentially this would combine several tools - we could use registry hostname identifier which set of "exclusions" are to be used via the reflection.
_NOTE: I am not sure yet whether "private" community registry would work properly with the current cargo as I haven't tested doing this but there is a flag and [registry] - However even without current support it would be nice to discuss the prospect / benefits / cons _
Use-Cases
Logistics
Refs
The text was updated successfully, but these errors were encountered: