New Rust RFC Proposes Adding Support for Trusted Publishing to Crates.io
A new Rust RFC proposes "Trusted Publishing" for Crates.io, introducing short-lived access tokens via OIDC to improve security and reduce risks associ...
Inspired by PyPI, RubyGems.org, and other registries that have already adopted this authentication mechanism, Rust contributors contend that Trusted Publishing will be a major improvement for Crates.io supply chain security. The RFC also notes that OAuth 2.0 combined with the OpenID Connect protocol is widely used and well-documented, and that the Rust ecosystem could "benefit from the cumulative security expertise intrinsically embedded into these solutions." The proposal makes a strong case for reducing the risk of leaked credentials, and thereby limiting the potential for existing crates to be hijacked or compromised.