Community driven crates registry reflector #42

Open
pinkforest opened this issue Jan 5, 2022 · 1 comment


pinkforest commented Jan 5, 2022

Just a wild idea

Would there be an interest in a community "hardened" or "moderated" crates.io [registries] reflector source that essentially filters to cargo automatically by-community-input on crates that are available to cargo via its index?

Essentially this would combine several tools - we could use registry hostname identifier which set of "exclusions" are to be used via the reflection.

_NOTE: I am not sure yet whether a "private" community registry would work properly with the current cargo, as I haven't tested doing this, but there is a flag and [registry] - however, even without current support it would be nice to discuss the prospect / benefits / cons._

Use-Cases

  • Filter-blacklist by yank & Advisory DB - OR -
  • Redirect to "last working or presumed secure version" (.lock will fail though)
  • Builds w/ .lock's that refer to insecure / yanked versions will fail

Logistics

  • I already have everything via my effort on geiger.rs except how cargo interacts with the index / registry, for which I would need to roll the respective API as well as RBL-style DNS naming to reflect the included sets of deny/redirect-filter lists.

Refs

@pinkforest

@Shnatsel - would love your feedback on this 🦄
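
The "filter-blacklist by yank & Advisory DB" use case from the issue, sketched as an added example that is not part of the original issue or of any project code. It assumes the reflector rewrites per-crate index files in the crates.io index format (one JSON object per line with `name`, `vers`, `yanked`); the `FIRST_PATCHED` deny list, the `demo-crate` entries and the simplified version parsing are constructed for illustration.

```python
import json

# Constructed sample of one crate's index file: one JSON object per line,
# using the crates.io index fields "name", "vers" and "yanked".
SAMPLE_INDEX = "\n".join([
    '{"name":"demo-crate","vers":"1.0.0","deps":[],"cksum":"00","features":{},"yanked":false}',
    '{"name":"demo-crate","vers":"1.1.0","deps":[],"cksum":"00","features":{},"yanked":true}',
    '{"name":"demo-crate","vers":"1.2.0","deps":[],"cksum":"00","features":{},"yanked":false}',
    '{"name":"demo-crate","vers":"1.3.0","deps":[],"cksum":"00","features":{},"yanked":false}',
])

# Hypothetical deny list standing in for advisory data: crate -> first patched
# version; every release below it is treated as affected.
FIRST_PATCHED = {"demo-crate": "1.2.0"}


def parse_version(vers):
    """Parse plain MAJOR.MINOR.PATCH; pre-release/build tags are dropped."""
    core = vers.split("+")[0].split("-")[0]
    return tuple(int(part) for part in core.split("."))


def reflect_index(index_text, first_patched, drop_yanked=True):
    """Return (kept_lines, dropped) for one crate's index file.

    kept_lines are passed through byte-for-byte so checksums and dependency
    data stay exactly what the upstream index published.
    """
    kept, dropped = [], []
    for line in index_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        name, vers = entry["name"], entry["vers"]
        if drop_yanked and entry.get("yanked", False):
            dropped.append((vers, "yanked"))
        elif name in first_patched and parse_version(vers) < parse_version(first_patched[name]):
            dropped.append((vers, "advisory"))
        else:
            kept.append(line)
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = reflect_index(SAMPLE_INDEX, FIRST_PATCHED)
    for vers, reason in dropped:
        print(f"filtered {vers}: {reason}")
    print("\n".join(kept))
```

Because filtered versions are removed from the served index rather than flagged, a lockfile that pins one of them no longer resolves through the reflector, which matches the third use case listed in the issue.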
