• ContentWeekly EditionArchivesSearchKernelSecurityEvents calendarUnread commentsLWN FAQWrite for us Weekly Edition Archives Search Kernel Security Events calendar Unread comments LWN FAQ Write for us EditionReturn to the Briefs page Return to the Briefs page An update to the malicious crate notification policy (Rust Blog) Adam Harvey, on behalf of thecrates.io teamhas published ablog postto inform users of a change in their practice of publishing information about malicious Rust crates: The crates.io team will no longer publish a blog post each time a malicious crate is detected or reported. • In the vast majority of cases to date, these notifications have involved crates that have no evidence of real world usage, and we feel that publishing these blog posts is generating noise, rather than signal. • We will always publish aRustSecadvisory when a crate is removed for containing malware. • You can subscribe to theRustSec advisory RSS feedto receive updates. • Crates that contain malware and are seeing real usage or exploitation will still get both a blog post and a RustSec advisory. • We may also notify via additional communication channels (such as social media) if we feel it is warranted.
Sources: