惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
IT之家
IT之家
GbyAI
GbyAI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Y
Y Combinator Blog
博客园 - 【当耐特】
The Cloudflare Blog
宝玉的分享
宝玉的分享
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Visual Studio Blog
小众软件
小众软件
博客园_首页
Last Week in AI
Last Week in AI
J
Java Code Geeks
V
V2EX
雷峰网
雷峰网
Apple Machine Learning Research
Apple Machine Learning Research
阮一峰的网络日志
阮一峰的网络日志
腾讯CDC
博客园 - 司徒正美
Engineering at Meta
Engineering at Meta
The GitHub Blog
The GitHub Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
D
DataBreaches.Net
博客园 - 三生石上(FineUI控件)
MyScale Blog
MyScale Blog
云风的 BLOG
云风的 BLOG
The Register - Security
The Register - Security
M
MIT News - Artificial intelligence
Microsoft Azure Blog
Microsoft Azure Blog
T
The Blog of Author Tim Ferriss
N
Netflix TechBlog - Medium
F
Full Disclosure
B
Blog
H
Help Net Security
C
Check Point Blog
WordPress大学
WordPress大学
人人都是产品经理
人人都是产品经理
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Jina AI
Jina AI
酷 壳 – CoolShell
酷 壳 – CoolShell
Blog — PlanetScale
Blog — PlanetScale
L
LangChain Blog
P
Proofpoint News Feed
D
Docker
Microsoft Security Blog
Microsoft Security Blog

Rust Blog

Security Advisory for Cargo (CVE-2026-5223) | Rust Blog Security Advisory for Cargo (CVE-2026-5222) | Rust Blog Project goals update — April 2026 (end of 2025H2) | Rust Blog Rust is participating in Outreachy | Rust Blog Raising the baseline for the `nvptx64-nvidia-cuda` target | Rust Blog Announcing Google Summer of Code 2026 selected projects | Rust Blog Announcing Rust 1.95.0 | Rust Blog docs.rs: building fewer targets by default | Rust Blog Changes to WebAssembly targets and handling undefined symbols | Rust Blog Announcing Rust 1.94.1 | Rust Blog Security advisory for Cargo | Rust Blog What we heard about Rust's challenges | Rust Blog Call for Testing: Build Dir Layout v2 | Rust Blog Announcing rustup 1.29.0 | Rust Blog Announcing Rust 1.94.0 | Rust Blog 2025 State of Rust Survey Results | Rust Blog Rust debugging survey 2026 | Rust Blog Update on the October 15, 2018 incident on crates.io Announcing Rust 1.29.2 Announcing Rust 1.29 Announcing Rust 1.28 What is Rust 2018? Announcing Rust 1.27.2 Announcing Rust 1.27.1 Security Advisory for rustdoc Announcing Rust 1.27 Announcing Rust 1.26.2 Announcing Rust 1.26.1 Rust turns three Announcing Rust 1.26 The Rust Team All Hands in Berlin: a Recap Increasing Rust’s Reach 2018 Announcing Rust 1.25 Rust's 2018 roadmap Announcing Rust 1.24.1 Announcing Rust 1.24 The 2018 Rust Event Lineup Announcing Rust 1.23 New Year's Rust: A Call for Community Blogposts Rust in 2017: what we achieved Announcing Rust 1.22 (and 1.22.1) Fearless Concurrency in Firefox Quantum Announcing Rust 1.21 impl Future for Rust Rust 2017 Survey Results Announcing Rust 1.20 Announcing Rust 1.19 The 2017 Rust Conference Lineup Rust's 2017 roadmap, six months in Increasing Rust’s Reach Announcing Rust 1.18 Two years of Rust The Rust Libz Blitz Launching the 2017 State of Rust Survey Announcing Rust 1.17 Announcing Rust 1.16 Rust's language ergonomics initiative Announcing Rust 1.15.1 Rust's 2017 roadmap Announcing Rust 1.15 Announcing Rust 1.14 Announcing the First Underhanded Rust Contest Announcing Rust 1.13 Announcing Rust 1.12.1 Announcing Rust 1.12 Incremental Compilation Announcing Rust 1.11 Shape of errors to come The 2016 Rust Conference Lineup Announcing Rust 1.10 State of Rust Survey 2016 Announcing Rust 1.9 One year of Rust Taking Rust everywhere with rustup Launching the 2016 State of Rust Survey Cargo: predictable dependency management Introducing MIR Announcing Rust 1.8 Announcing Rust 1.7 Announcing Rust 1.6 Announcing Rust 1.5 Announcing Rust 1.4 Announcing Rust 1.3 Rust in 2016 Announcing Rust 1.2 Rust 1.1 stable, the Community Subteam, and RustCamp Announcing Rust 1.0 Abstraction without overhead: traits in Rust Rust Once, Run Everywhere Mixing matching, mutation, and moves in Rust Fearless Concurrency with Rust Announcing Rust 1.0 Beta Announcing Rust 1.0.0.alpha.2 Rust 1.0: status report and final timeline Announcing Rust 1.0 Alpha Rust 1.0: Scheduling the trains Yehuda Katz and Steve Klabnik are joining the Rust Core Team Cargo: Rust's community crate host Stability as a Deliverable Road to Rust 1.0
Rustup 1.24.0 release incident report for 2021-04-27 | Inside Rust Blog
Daniel Silverstone on behalf of the Rustup team · 2021-04-28 · via Rust Blog

On 2021-04-27 at 15:09 UTC we released a new version of Rustup (1.24.0). At 15:23 UTC we received a report that we had introduced a regression in the part of the code which is responsible for proxying the rustfmt and cargo-fmt portions of Rust toolchains. At 15:27 UTC we had confirmed and identified the cause of the problem, and while we worked on a fix, we reverted the released Rustup to version 1.23.1 - an action completed by 15:56 UTC.

This means that for approximately 47 minutes, CI jobs which used the code formatting features of Rust toolchains may have had spurious failures, and users who upgraded will have had to revert to 1.23.1. The revert process is designed to be as easy as upgrading was, meaning that users should not have had lingering issues.

Root cause of the issue

In an effort to reduce confusion when downloaded copies of rustup-init.exeare renamed we merged a change which causes Rustup to report an error if an unknown name is used when invoking the binary.

Due to past complexities with rustfmt and cargo-fmt being binaries which tended to be distributed by cargo install rather than via rustup component add there is some intricate handling in Rustup's proxy management for those specific binaries. The fix for the above issue failed to include these corner case proxies in the check it undertook to ensure the caller hadn't used an unexpected binary name.

The 1.24.0 release had been staged at this point, however there was a problem with the low-memory installation pathways which required a fix, and at the time we incorrectly assessed that it was low-impact to rebase the release onto the new master branch which had not only the fix for the low-memory installation pathway but also the "refuse bad names" change for the above issue.

Subsequent testing of the release focussed almost entirely on the installation pathways, omitting to validate the proxy name verification code we had also acquired into the release. As a result, this regression slipped in.

Resolution

The author of the validation PR correctly identified it as the root-cause of the regression, and the team discussed and decided that it was better to fix the problem properly than to simply revert the change out of the release.

The release team member who was helping with the release process began the revert to Rustup 1.23.1 while the fixes were developed. In addition an issue was filed around adding some tests around all the proxies (we currently test a subset which we believed to be representative). We subsequently staged a proposed 1.24.1 release to Rust's development stage and we have issued a call for beta testers to confirm that we have not introduced any other regressions.

Lessons learned

The big lesson here is that while we've taken similar notes away from past releases of Rustup and other tooling, we've not yet managed to set up a proper beta-testing process for Rustup. As such we will be making changes to the Rustup release process to codify testing phases with the wider community.

Long term changes to Rustup releases

In order to try and reduce the chance of this happening again, the release process will be updated to include a public beta-testing phase for any non- purely-bugfix release and we intend to look into the possibility of a "nightly" Rustup release for a small subset of platforms.

Finally we are hoping to work with the release team to do what we can to unify the Rustup release process with the well oiled Rust release process though, due to the historical differences in how Rustup has been released, this will likely be a long term effort.

Action items

  • #2739: Testing for proxying, including TOOLS and DUP_TOOLS
  • #2741: Release process should include explicit beta test period

And as mentioned above, longer term we shall look to see what unification we can do between releasing Rustup and how the Rust release train runs.