October 16, 2026
11:45–12:15
Side Track
Supply Chain Attacks, and how to protect ourselves
Supply chain attacks have increased in frequency and reach, and are now also reaching the Rust ecosystem.
We'll see where we're vulnerable with Rust (build scripts, macros, and more), the tools we have to protect ourselves (cargo-audit and cargo-deny, cargo-vet and cargo-crev) and when to use them, and the best practices for dependencies (crates.io OIDC publishing, a grace period on dependency updates, ...).
Rust still has a few topics we need to work on, like sandboxed build scripts or deterministic WASM proc macros.
We'll finish on the solution I've landed on for private projects with private registries, and how it could be generalised with namespaces for public use.