• Category: Languages
  • Status: discussion
  • Sources: kerkour.com, rust-stdx/stdx
  • Summary: Sylvain Kerkour published a post explaining why stdx, an extended Rust standard-library project focused on simplicity, performance, and supply-chain security, is deliberately not published to crates.io. The argument is that importing directly from source via Git avoids centralized-registry namespace squatting and reduces supply-chain risk, continuing Kerkour's earlier thesis on Rust dependency exposure. The post is opinion, not a registry policy change.
  • Why it matters: Registry trust and dependency provenance are an active concern for Rust teams after repeated package-ecosystem incidents, and source-only distribution is one response practitioners are debating.

Send feedback on this story