Rust crate auditing and source correspondence checks
Better supply chain security for Rust crates + packages in distributions
This project aims to harden the flow from upstream project sources (in version control), via published tarballs (on crates.io), to Linux distributions (RPM packages). It does so by checking published sources for unexpected differences from version control, and for other changes between released versions, including metadata changes. An additional goal is for issues uncovered by this process, or during review for inclusion in Linux distributions, to be made available to the broader Rust ecosystem.
- The project's own website: https://github.com/decathorpe
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.