Thanks for your detailed input, I’m glad to hear that there is a team that does look out for things at crates.io, and that I can host my own registry.

I’ve been wanting to write rust for quite some time, but I can’t get over crates. The system just seems insecure to me. What happens in 10 years when the servers go down? Is there any sort of mitigation for supply chain attacks? As I understand it anyone can submit code; what’s stopping someone from putting malicious code into a crate I’ve been using?

I suppose these are risks for any third party package system though.

I’ve used Flutter infrequently and have experienced things like this with their package system.

Just got the kit!

R.I.P. Gary Kildall 😥

Not the World Canadian Bureau!

I’ve used the same Arch install from about 2018. Regular updates, several AUR packages (pikaur), a migrate to md raid home and root, encrypted root/home, major hardware upgrades; all with no issues.

The removal of python 2 was the hardest thing I’ve had to handle; but that really wasn’t difficult with understanding of the package manager.