惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

F
Fortinet All Blogs
宝玉的分享
宝玉的分享
酷 壳 – CoolShell
酷 壳 – CoolShell
T
The Exploit Database - CXSecurity.com
Help Net Security
Help Net Security
腾讯CDC
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
C
Cyber Attacks, Cyber Crime and Cyber Security
T
Tailwind CSS Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threatpost
N
News | PayPal Newsroom
C
Cybersecurity and Infrastructure Security Agency CISA
Hacker News - Newest:
Hacker News - Newest: "LLM"
S
SegmentFault 最新的问题
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
P
Proofpoint News Feed
A
Arctic Wolf
B
Blog RSS Feed
Forbes - Security
Forbes - Security
P
Privacy & Cybersecurity Law Blog
Attack and Defense Labs
Attack and Defense Labs
V2EX - 技术
V2EX - 技术
P
Proofpoint News Feed
I
Intezer
Application and Cybersecurity Blog
Application and Cybersecurity Blog
阮一峰的网络日志
阮一峰的网络日志
aimingoo的专栏
aimingoo的专栏
T
Tenable Blog
MyScale Blog
MyScale Blog
U
Unit 42
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
WordPress大学
WordPress大学
W
WeLiveSecurity
D
DataBreaches.Net
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
G
GRAHAM CLULEY
有赞技术团队
有赞技术团队
Martin Fowler
Martin Fowler
罗磊的独立博客
The Last Watchdog
The Last Watchdog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
V
Vulnerabilities – Threatpost
美团技术团队
Microsoft Security Blog
Microsoft Security Blog

Rust Blog

Security Advisory for Cargo (CVE-2026-5223) | Rust Blog Security Advisory for Cargo (CVE-2026-5222) | Rust Blog Project goals update — April 2026 (end of 2025H2) | Rust Blog Rust is participating in Outreachy | Rust Blog Raising the baseline for the `nvptx64-nvidia-cuda` target | Rust Blog Announcing Google Summer of Code 2026 selected projects | Rust Blog Announcing Rust 1.95.0 | Rust Blog docs.rs: building fewer targets by default | Rust Blog Changes to WebAssembly targets and handling undefined symbols | Rust Blog Announcing Rust 1.94.1 | Rust Blog Security advisory for Cargo | Rust Blog What we heard about Rust's challenges | Rust Blog Call for Testing: Build Dir Layout v2 | Rust Blog Announcing rustup 1.29.0 | Rust Blog Announcing Rust 1.94.0 | Rust Blog 2025 State of Rust Survey Results | Rust Blog Rust debugging survey 2026 | Rust Blog Update on the October 15, 2018 incident on crates.io Announcing Rust 1.29.2 Announcing Rust 1.29 Announcing Rust 1.28 What is Rust 2018? Announcing Rust 1.27.2 Announcing Rust 1.27.1 Security Advisory for rustdoc Announcing Rust 1.27 Announcing Rust 1.26.2 Announcing Rust 1.26.1 Rust turns three Announcing Rust 1.26 The Rust Team All Hands in Berlin: a Recap Increasing Rust’s Reach 2018 Announcing Rust 1.25 Rust's 2018 roadmap Announcing Rust 1.24.1 Announcing Rust 1.24 The 2018 Rust Event Lineup Announcing Rust 1.23 New Year's Rust: A Call for Community Blogposts Rust in 2017: what we achieved Announcing Rust 1.22 (and 1.22.1) Fearless Concurrency in Firefox Quantum Announcing Rust 1.21 impl Future for Rust Rust 2017 Survey Results Announcing Rust 1.20 Announcing Rust 1.19 The 2017 Rust Conference Lineup Rust's 2017 roadmap, six months in Increasing Rust’s Reach Announcing Rust 1.18 Two years of Rust The Rust Libz Blitz Launching the 2017 State of Rust Survey Announcing Rust 1.17 Announcing Rust 1.16 Rust's language ergonomics initiative Announcing Rust 1.15.1 Rust's 2017 roadmap Announcing Rust 1.15 Announcing Rust 1.14 Announcing the First Underhanded Rust Contest Announcing Rust 1.13 Announcing Rust 1.12.1 Announcing Rust 1.12 Incremental Compilation Announcing Rust 1.11 Shape of errors to come The 2016 Rust Conference Lineup Announcing Rust 1.10 State of Rust Survey 2016 Announcing Rust 1.9 One year of Rust Taking Rust everywhere with rustup Launching the 2016 State of Rust Survey Cargo: predictable dependency management Introducing MIR Announcing Rust 1.8 Announcing Rust 1.7 Announcing Rust 1.6 Announcing Rust 1.5 Announcing Rust 1.4 Announcing Rust 1.3 Rust in 2016 Announcing Rust 1.2 Rust 1.1 stable, the Community Subteam, and RustCamp Announcing Rust 1.0 Abstraction without overhead: traits in Rust Rust Once, Run Everywhere Mixing matching, mutation, and moves in Rust Fearless Concurrency with Rust Announcing Rust 1.0 Beta Announcing Rust 1.0.0.alpha.2 Rust 1.0: status report and final timeline Announcing Rust 1.0 Alpha Rust 1.0: Scheduling the trains Yehuda Katz and Steve Klabnik are joining the Rust Core Team Cargo: Rust's community crate host Stability as a Deliverable Road to Rust 1.0
Program management update — July 2025 | Inside Rust Blog
Tomas Sedovic on behalf of Edition & Goals teams · 2025-08-05 · via Rust Blog

Welcome to the second Rust PM update!

Things were a bit busy in personal life. We had to temporarily move to a smaller apartment which was quite time-consuming and energy-draining. And after that, I took a week off and we spent it in the mountains.

So things were slower in July. What dominated was the Project Goals work.

Wrapping up 2025 H1 goals

As we entered the second half of the year, it was time to wrap up the current Project Goals and get the new ones going. In the spirit of helping people focus on other things, I took this over.

First, I've sent a couple requests for goal updates. This lead me to noticing and filing an issue with triagebot. More details in the ping-goals retry section.

After people provided their final messages, I've published the final 2025H1 Project Goals update:

https://blog.rust-lang.org/2025/08/05/july-project-goals-update/

With that done, I've closed most of the tracking issues. Some goals are being renewed for the H2 period so we're keeping those open.

Starting 2025 H2 goals

With all of that out of the way, Niko published the call for 2025 H2 goal proposals.

Based on the feedback we've received, we've made some changes in this period:

  • We're getting the proposals in front of the teams and their leads earlier (well before the final RFC is written) so they are aware and have input into what's being proposed.
  • We're asking them to suggest what they'd like to see as a flagship goal before the final selection is made.
  • For each proposed goal, we've requested each team with asks mentioned in the goal to select a "champion" who commits to making sure the goal is not blocked by that team.

Once all the champions are selected, we'll meet with the team leads, go over the goals and figure out which ones we want to accept.

Similarly, we'll take their input regarding flagship goals.

As the goals were being proposed, Niko, Rémy, and I looked at the PRs, fixed any CI issues, and merged them.

For each team, I've opened a "call for champions" Zulip thread listing the goals that requested their support. Here's an example for the Lang team.

As with any new process, people had questions. I was there to help clarify what we're asking for, the overall plan, and next steps. When there were specific questions for a goal, I made sure to connect the right people.

Secure quorum-based cryptographic verification and mirroring for crates.io

In 2021, the Rust Foundation created the Security Initiative. Their focus is on improving the security of the Rust ecosystem by building security tools, conducting audits, creating threat models, and developing security expertise.

At the beginning of the year, they opened a goal to provide crates.io verification and mirroring:

Rustaceans need to be able to download crates and know that they're getting the crate files that were published to crates.io without modification. Rustaceans everywhere should be able to use local mirrors of crates.io, such as geographically distributed mirrors or mirrors within infrastructure (e.g. CI) that they're using.

There's a good analog to this with Linux packaging (e.g. apt or dnf): when you install a package (or upgrade your system), your computer will rarely talk directly to the main package registry. It's far more likely that it will reach a mirror hosted by a university, scientific institution, your ISP, or, in the case of CI, its provider. This lets people install their packages more quickly while saving on the upstream bandwidth and other costs.

You can do all this today with a crucial difference: how do you know that the host (or someone in-between) didn't tamper with the code? How do you know you're getting the exact same bits as if you were to reach crates.io directly?

That's broadly what the goal is about, and it involved investigations of the signing algorithms, key rotations, CI integration, releases, logging, and much more. And all of this must meet the scale and performance requirements of crates.io.

Walter Pearce and Josh Triplett did most of the work (investigation, experimentation, looking into what other package managers are doing) and talked to Cargo, Infra, Release, Bootstrap, and crates.io representatives.

Last week, Walter posted a final update on the goal's tracking issue.

The goal owners along with the team representatives agreed on the following to build an experimental MVP implementation:

  • Use TAP-16 Merkle Tree implementation of TUF (The Update Framework) for crates.io.
  • Maintain a top-level quorum but remove intermediate levels for simplicity.
  • Role keys will live in AWS KMS (Key Management Service).

They also reached a consensus with the Infrastructure team for deployment planning. The plan is for the MVP to be ready by the end of August, and they'll use it to test various optimizations to make sure it works for our tooling (rustup, releases, crates.io, etc.).

This will answer some of the open questions (which specific optimizations will fit our needs, how to implement the Merkle tree to reduce round trips, and details on hosting infrastructure) and provide enough information to write the RFC and make this fully supported and available.

These discussions and decisions happened in meetings, and there was little public communication to the rest of the Project. One of my goals is to start publishing more frequent and detailed updates on this and similar initiatives.

I've joined the signing meetings to be more aware of what's happening within this initiative.

Rust for Linux

Rust for Linux is an ongoing effort (started in 2020) to add support for Rust to the Linux kernel. The project allows people to write kernel code, such as drivers and other modules, in a memory safe language, with hopefully fewer bugs and nicer tooling. In addition, one of its goals is to allow more people get involved overall in developing the kernel thanks to the use of a modern language.

The project currently has to rely on unstable Rust. This makes it less appealing for companies and individuals as unstable features can by definition change or even be removed. We want there to be minimal (ideally zero) churn on Rust code that's been accepted to the kernel.

There's been an ongoing collaboration with the Rust Project to get the language, compiler, and tooling to a point where it can be completely compiled on stable Rust.

Rust for Linux was a flagship goal the second half of 2024 as well as the first half of 2025.

This effort requires close collaboration with the Lang and Compiler teams, among others, and contact points on both sides to bridge the gap between the two projects. Until now, that was done by Niko Matsakis, TC, et al. on the Rust side and Miguel Ojeda et al. on the Rust for Linux side.

One of the hopes of the PM role was to be able to step in and improve the communication between efforts like these and free up the Project members' time.

I am now running the meetings, preparing the agenda, making sure the tracking issues are up-to-date, and bringing any requests or concerns to the relevant Project teams or people.

Miguel Ojeda will continue to be the point of contact on the Linux side.

I helped Miguel propose two 2025 H2 goals (compiler and language features for getting Rust for Linux into stable Rust) and should they be accepted I will be the Point of contact for them.

This lets Niko disengage from the program completely and focus on the many other things he's doing across the Project.

Misc

ping-goals retry issue

The request for updates is done by the ping-goals command of @triagebot. This returned an error ("Failed to await at this time: connection closed before message completed"), but did actually ping everyone. Multiple times, in fact.

As you can see in the thread, this wasn't a new behavior either. Precisely the sort of paper cut I care about improving for everyone:

https://github.com/rust-lang/triagebot/issues/2108

Urgau looked into it and found out this is because rustbot was sending the pings one-by-one and taking some time to finish.

Zulip interpreted this as a timeout and retried the requests a few times.

Here's the fix he opened.

Thank you Urgau!

Leadership Council Minutes

The Leadership Council is a team charged with the success of the Project as a whole. They're composed of members of the top-level Rust teams.

The Council meets every two weeks and after each meeting they publish minutes to the leadership-council repository.

This makes them accountable to the teams they represent and transparent to the Project and the community as a whole. It also helps others find if they're missing something important so it can be brought to their attention.

As with every other meeting, when an active participant has to take minutes, this results in diminishing that person's attention to the topic as well as the quality of the notes (most people can't speak or fully consider what other people said and write at the same time).

And similarly, going through the minutes, making them legible and publishing them takes additional effort and attention. When these things pile up, they can even lead to burning out valuable contributors.

Having taken over the minutes for the Leadership Council meetings in June, I've now closed the loop by taking over the clean-up and publishing as well.

Fun Stats

I've collected a few numbers to show some of the regular work that's happening.

Total words of meeting minutes written: 92.6k (June + July). That's more than the novel I'm currently reading!

The current month (July 2025)

Meetings attended: 24

Total words written: 51.5k

Average (mean) word count per team meeting:

  • Cargo: 1.6k
  • Lang triage: 2.2k
  • Libs: 4.7k
  • Leadership council: 2.9k

In contrast, this is the week when I was away:

  • Cargo: 600
  • Lang triage: 604
  • Libs: 705

The previous month (June 2025)

Meetings attended: 39

Total words written: 41.1k

Average word count:

  • cargo: 1.3k
  • Lang triage: 1.8k
  • Libs: 3.9k
  • Leadership council: 1.9k

May 2025

I wasn't here in May so these can serve as a comparison.

Meetings attended: 0

Average word count:

  • cargo: 857
  • Lang triage: 1.4k
  • Libs: 1.3k
  • Leadership council: 1.5k

Caveat emptor

More words doesn't necessarily mean better and there are other aspects that affect this: number of people in the meeting, how much discussion a topic needs, etc. And this is not a target I or anyone else is holding me to.

But it is kind of interesting to see.

If you have an idea for any more useful things to track, please let me know!