update-2024-05.md

There were substantial engineering efforts on Painter, crates.io, and work to prevent fraudulent/malicious crates. An interesting blog post on the state of unsafe in the Rust ecosystem was also published.

Engineering

Painter code push

A substantial Painter code push was made in May by Walter. Those running Painter will be able to obtain unsafe statistics, better call graph pruning, FFI boundary mapping and support for the latest version of Rust.

Crate and repo verification

Adam is working on verifying that a given crate is actually associated with the repository it claims to be associated with. In addition to catching innocuous mistakes in the crate metadata, this will limit fraudulent crate creators trying to hide their malicious crates behind seemingly valid repos when, in fact, the code for these crates is actually in unknown repos. Once caught, these crates can be quarantined and deleted using our admin tools.

crates.io API token expiry notifications

Tobias, along with others, implemented and landed a system that will send expiry notifications for tokens that will expire in three (3) days. This will allow users to take proactive action to renew their tokens before workflows are interrupted.

crates.io database improvements

The new archive version download background job can be used to export all version download data to S3 and then remove it from the database. This allowed us to shrink the database considerably, which will have a positive effect on our database performance.

Tobias also updated the crates.io database, which further improves performance.

Announcements and Community

Foundation Hiring

Interviews for both the C++/Rust Interop Initiative Software Engineer Lead and the Rust Infrastructure Engineer have concluded, and we are proud to say that we have chosen two outstanding candidates to fill these roles. Official announcements will be forthcoming.

With so many high-impact programs at the Foundation and a comparatively small team, the Foundation staff is looking forward to welcoming several new hires to help us scale and streamline our efforts.

Unsafe Blog Post

Multiple staff members at the Foundation, including Joel and Walter, worked to publish a blog post highlighting the use of unsafe in the Rust ecosystem. The results may be surprising to some, but it showcases that even with the use of unsafe, Rust still has safeguards to prevent vulnerabilities.

Safety Critical Consortium

The Foundation is working to establish a Rust Safety Critical Consortium amongst interested parties. Multiple introductory meetings have occurred in order to determine viability, interest and whether it is worth the work of trying to push this forward. There seems to be momentum, and we are now working to bring in other potential members and to determine and document a vision for such a consortium. It is early days and a work in progress, but it is showing promise that a working group can come to fruition, with a potential first F2F meeting at RustConf. We hope to announce something in June.

RSA Conference

Joel spoke on behalf of the Rust Foundation at the Fastly booth at the RSA conference in San Francisco about Rust infrastructure and Fastly's role in keeping it available and efficient.

Rust Specification

Joel was named team lead for the Rust specification. He will work to make more tangible progress on specification content.

Threat Modeling

  1. Crates ecosystem: Published
  2. Rust Infrastructure: Published
  3. crates.io: Published
  4. Rust Project: Published