Cargo has a patch feature today to address bugs and other issues in packages. When people are blocked, there are security issues, or legal issues, an organization managing may want to quickly deploy these patches.
One venue for doing this is through the registry itself, especially when the registry is managed by a company where software policy is top-down. This would need
Cargo has a patch feature today to address bugs and other issues in packages. When people are blocked, there are security issues, or legal issues, an organization managing may want to quickly deploy these patches.
One venue for doing this is through the registry itself, especially when the registry is managed by a company where software policy is top-down. This would need
In rare circumstances, a community registry like crates.io may want to do this as well, e.g. to do something like #14452.
Policy for crates.io is being left to a future RFC by that team. It should likely consider audit tools and rules including