Saturday, March 23, 2019

Cargo package security?

Are there plans add restrictions to cargo packages? Specifying what packages are allowed to access the file system and networking? I don't know how possible this is in Rust to add these restrictions

In nodejs people may have already heard of the event-stream package that was taken over by a malicious maintainer and then used to steal bitcoin by adding a hidden payload.


No comments:

Post a Comment