this post was submitted on 13 Jul 2026
12 points (100.0% liked)

Rust

8133 readers
185 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] SorteKanin@feddit.dk 6 points 2 days ago (1 children)

it becomes possible to discover parts of the website that exist but you can’t access.

This doesn't really apply as a concept to crates.io though, as all crates on the site are public. It seems kinda like security theater to be doing these 403s when all the data is public anyway. GitHub doing this makes sense as there are private repos.

[–] moonpiedumplings@programming.dev 4 points 2 days ago* (last edited 2 days ago)

There are probably other private parts of the crates website, like the pages for developers who are uploading crates. It makes sense to just give the same error for everything, from the same logic all in one easily auditable spot.

And of course, just because all crates on the site are public now, doesn't preclude the possibility of private crates im the future.