Skip to content

Commit b47f376

Browse files
LawnGnomeLawnGnome
committed
Note the RustSec RSS feed (and thank Dirkjan).
1 parent 25521cc commit b47f376

File tree

1 file changed

+3
-2
lines changed

1 file changed

+3
-2
lines changed

content/crates.io-malicious-crate-update.md

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ team_url = "https://www.rust-lang.org/governance/teams/dev-tools#team-crates-io"
1010

1111
The crates.io team will no longer publish a blog post each time a malicious crate is detected or reported. In the vast majority of cases to date, these notifications have involved crates that have no evidence of real world usage, and we feel that publishing these blog posts is generating noise, rather than signal.
1212

13-
We will always publish a [RustSec][rustsec] advisory when a crate is removed for containing malware. Please see the links below for examples of what these advisories look like.
13+
We will always publish a [RustSec][rustsec] advisory when a crate is removed for containing malware. You can subscribe to the [RustSec advisory RSS feed][rss] to receive updates.
1414

1515
Crates that contain malware _and_ are seeing real usage or exploitation will still get both a blog post and a RustSec advisory. We may also notify via additional communication channels (such as social media) if we feel it is warranted.
1616

@@ -25,11 +25,12 @@ In all cases, the crates were deleted, the user accounts that published them wer
2525

2626
## Thanks
2727

28-
Once again, our thanks go to Matthias and Socket for their reports. We also want to thank Emily Albini from the security response working group and Walter Pearce from the [Rust Foundation][foundation] for aiding in the response.
28+
Once again, our thanks go to Matthias and Socket for their reports. We also want to thank Dirkjan Ochtman from the secure code working group, Emily Albini from the security response working group, and Walter Pearce from the [Rust Foundation][foundation] for aiding in the response.
2929

3030
[advisory-polymarket]: https://rustsec.org/advisories/RUSTSEC-2026-0010.html
3131
[foundation]: https://foundation.rust-lang.org/
3232
[last-post]: https://blog.rust-lang.org/2025/12/05/crates.io-malicious-crates-finch-rust-and-sha-rust/
3333
[ngi-sweden]: https://ngisweden.scilifelab.se/
34+
[rss]: https://rustsec.org/feed.xml
3435
[rustsec]: https://rustsec.org/
3536
[socket]: https://socket.dev/

0 commit comments

Comments
 (0)