20 changes: 10 additions & 10 deletions text/3872-crates-io-security.md
@@ -1,16 +1,16 @@
- Feature Name: crates-io-security
- Start Date: 2025-10-27
- RFC PR: [rust-lang/rfcs#3872](https://github.com/rust-lang/rfcs/pull/3872)
- Rust Issue: [rust-lang/rust#3872](https://github.com/rust-lang/rust/issues/3872)
- Rust Issue: [rust-lang/crates.io#12507](https://github.com/rust-lang/crates.io/issues/12507)

# Summary
## Summary

[summary]: #summary

This RFC proposes that crates.io should provide insight into vulnerabilities and unsound
API surface based on the RustSec advisory database.

# Motivation
## Motivation

[motivation]: #motivation

@@ -44,7 +44,7 @@ graph is a more complex problem that is outside the scope of this RFC (but see f
[Log4Shell]: https://en.wikipedia.org/wiki/Log4j#Log4Shell_vulnerability
[Principles for Package Repository Security]: https://repos.openssf.org/principles-for-package-repository-security.html

# Guide-level explanation
## Guide-level explanation

[guide-level-explanation]: #guide-level-explanation

@@ -68,7 +68,7 @@ For example, the UI could be somewhat like this:
The way advisories are represented in the crates.io UI will evolve over time based on the
available data and user feedback. This RFC does not mandate a specific UI design.

# Reference-level explanation
## Reference-level explanation

[reference-level-explanation]: #reference-level-explanation

@@ -80,7 +80,7 @@ directly.

[advisory-db repository]: https://github.com/RustSec/advisory-db

# Drawbacks
## Drawbacks

[drawbacks]: #drawbacks

@@ -97,7 +97,7 @@ that are best for their projects.

[ongoing discussion]: https://github.com/rust-lang/leadership-council/issues/140

# Rationale and alternatives
## Rationale and alternatives

[rationale-and-alternatives]: #rationale-and-alternatives

@@ -115,7 +115,7 @@ seems mostly unrelated to what crates.io does, and seems like an interesting fut
[cargo-audit]: https://crates.io/crates/cargo-audit
[cargo-deny]: https://crates.io/crates/cargo-deny

# Prior art
## Prior art

[prior-art]: #prior-art

@@ -129,15 +129,15 @@ both RustSec advisories and reviews from [cargo-crev] and [cargo-vet].
[cargo-crev]: https://github.com/crev-dev/cargo-crev
[cargo-vet]: https://github.com/mozilla/cargo-vet

# Unresolved questions
## Unresolved questions

[unresolved-questions]: #unresolved-questions

This seems like a relatively straightforward feature with a limited scope. The main questions
are about the desirability of the feature, the implementation approach, and the governance
of the source data.

# Future possibilities
## Future possibilities

[future-possibilities]: #future-possibilities
