this post was submitted on 24 Aug 2023
43 points (90.6% liked)

Rust Programming

8011 readers
1 users here now

founded 5 years ago
MODERATORS
nutomic@lemmy.ml
Joe@lemmy.ml
AgreeableLandscape@lemmy.ml
43
Rust Malware Staged on Crates.io (blog.phylum.io)
submitted 1 year ago by wolf4ood@lemmy.ml to c/rust@lemmy.ml
5 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[โ€“] Lucky@lemmy.ml 5 points 1 year ago (1 children)

Another way to mitigate type squatting would be namespacing crates. Much easier to verify who owns the package and related packages

[โ€“] Vorpal@programming.dev 1 points 1 year ago

Doesn't really help: what if you typo the namespace instead? Same exact issue. Namespaces are useful for other things though, but not security.