Lobsters is a community-driven platform for sharing and discussing links to articles, tutorials, and projects related to technology and programming. Readers can learn about a wide range of topics, from software development and system administration to cybersecurity and artificial intelligence. With user submissions, comments, and voting, Lobsters provides a platform for collaborative learning and knowledge sharing among technology enthusiasts.

Lobsters

A critical take on the common narrative that crates.io and the Rust ecosystem are responsible for supply-chain security. The author argues that proposed solutions like namespacing, URL-based dependencies, and build sandboxing all have significant flaws, and that the Rust Foundation operates largely on volunteer labor with limited funding. The real responsibility for auditing dependencies lies with the crate users themselves. Practical tools are highlighted: lockfiles, cargo-vet, crates.io download plots, cargo-chef for sandboxing, and manual source browsing. The post pushes back against criticism of crates.io by contextualizing the resource constraints of the Rust ecosystem compared to centralized, well-funded registries.

No one owes you supply-chain security