To me, the two major problems are:

  1. no namespaces

Someone uploads “serde2”? that’s blocked forever. Someone uploads a typo version of a popular package? Too bad for you, learn how to type.

  1. the github connection

If you want to contribute to crates.io you’re bound to github. No gitlab, codeberg, gitee, sourcehut, etc.

Not sure if there are any other problems, but those two seem like the biggest things and #1 is AFAIK not something they ever want to change + it would be difficult to as one would need a migration strategy.

  • onlinepersonaOP
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    It it does fuck all for type squatting. Sure, now I’m safe from getting malicious code by doing tokio/tokiu-http, but tokiu/tokio-http can still be malicious!

    You are indeed correct. I hadn’t considered that!

    The checksum idea might work 🤔 That definitely could be possible with the new registry.