Gabriele Svelto on Nostr: In the light of the #xz backdoor, if you're a #RustLang developer, I recommend you ...
In the light of the #xz backdoor, if you're a #RustLang developer, I recommend you familiarize yourself with cargo vet:
https://mozilla.github.io/cargo-vet/
Auditing your dependencies, or relying on external audits, adds an important layer of protection.
It's not a silver bullet against bad dependencies as there's no such thing. However, adding more layers of protection makes attackers' lives harder and this is one of them.
Published at 2024-04-04 12:21:23
Event JSON
{
"id": "421012f65b1ab42770eeb08232f6b919bcd56e0782fff5848302bfa1fe82352b",
"pubkey": "3f4bb732cb25fee00a60f6dc762b05d20b0668ac61dc644f8544cea1037b6458",
"created_at": 1712233283,
"kind": 1,
"tags": [
[
"t",
"xz"
],
[
"t",
"rustlang"
],
[
"proxy",
"https://fosstodon.org/users/gabrielesvelto/statuses/112212920498029340",
"activitypub"
]
],
"content": "In the light of the #xz backdoor, if you're a #RustLang developer, I recommend you familiarize yourself with cargo vet:\n\nhttps://mozilla.github.io/cargo-vet/\n\nAuditing your dependencies, or relying on external audits, adds an important layer of protection.\n\nIt's not a silver bullet against bad dependencies as there's no such thing. However adding more layers of protection makes attackers' lives harder and this is one of them.",
"sig": "24d29042316a6b9ac096d71106203aa2d3fd976fc812154909d5e8cd3891c6d3e676eff7512d536d9342ec8f734dce10abd3bf318bacb9b7b9bdb8aa9cd76916"
}