Comment by rectang
1 year ago
> "how many owners am I depending on"
Yes, knowing that would be helpful!
Is there a way to whitelist owners/publishers in Cargo?
There is `cargo-deny` that handles some enforcement: https://github.com/EmbarkStudios/cargo-deny. Doesn't handle authors, but I suspect it's easy to add?
There is really just a handful of crates that nearly often get pulled in and probably like 5 authors across them.
Supply chain hardening is pretty easy in Rust: cargo-deny, cargo-supply-chain, cargo-crev, cargo-vet, cargo-{s}bom and probably a few more I can't remember.
No tool for that exists afaik, but all the pieces to make it are there.
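The owner allowlist the thread says does not yet exist, sketched as an added example (not code from any commenter, nor from cargo-deny or the other tools named): it joins `cargo metadata` output with per-crate owner lists, which in practice come from the crates.io owners API, and reports crates whose owners are not allowlisted. The metadata, crate names and owner logins below are constructed.

```python
"""Added example: check a Cargo dependency graph against an allowlist of crates.io owners.

METADATA stands in for `cargo metadata --format-version 1` output and OWNERS for the
per-crate owner lists crates.io serves at GET /api/v1/crates/<name>/owners (network
access needed in practice). Both are constructed inline so the check runs offline.
"""
import json

REGISTRY = "registry+https://github.com/rust-lang/crates.io-index"

# Constructed, trimmed metadata: crate names and owner logins are hypothetical.
METADATA = json.dumps({"packages": [
    {"name": "myapp", "version": "0.1.0", "source": None},
    {"name": "http-client", "version": "2.3.1", "source": REGISTRY},
    {"name": "tiny-pad", "version": "0.2.1", "source": REGISTRY},
    {"name": "inhouse-util", "version": "0.3.0", "source": "git+https://git.example.internal/util#abc123"},
]})
OWNERS = {"http-client": ["owner-a", "owner-b"], "tiny-pad": ["owner-c"]}

def registry_crates(metadata_json):
    """Names of packages fetched from a registry; path and git dependencies are skipped."""
    pkgs = json.loads(metadata_json)["packages"]
    return sorted({p["name"] for p in pkgs if (p.get("source") or "").startswith("registry+")})

def owner_report(metadata_json, owners, allowlist):
    """Map each registry crate to the owners it has that are not on the allowlist.

    A crate with no owner data is reported as '?' instead of being passed silently,
    so a failed lookup can never make the check succeed.
    """
    report = {}
    for name in registry_crates(metadata_json):
        crate_owners = owners.get(name)
        if crate_owners is None:
            report[name] = ["?"]
            continue
        disallowed = sorted(set(crate_owners) - set(allowlist))
        if disallowed:
            report[name] = disallowed
    return report

def distinct_owners(metadata_json, owners):
    """The thread's question: which (and how many) owners does this graph depend on?"""
    return sorted({o for n in registry_crates(metadata_json) for o in owners.get(n, [])})

if __name__ == "__main__":
    print(owner_report(METADATA, OWNERS, {"owner-a", "owner-b"}))  # {'tiny-pad': ['owner-c']}
    print(len(distinct_owners(METADATA, OWNERS)), "distinct owners")
```

Run it with real `cargo metadata` output and fetched owner lists to get the count the first commenter asked for; a non-empty report is the signal a CI step would fail on.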