October was a bit of an unusual month with many on the engineering team at the Foundation on PTO at various times and a full-week offsite staff meeting. But we still have some relevant updates.
As mentioned last month, there was an agreement to use The Update Framework (TUF) as the framework for crates signing and mirroring.
Great news that the RFC has officially been posted and discussion, and hopefully, approval will be happening over the next several days.
As part of its ongoing effort to catalog and patch servers for security and efficiency, Marco, JD and others on the Rust Project infrastructure team updated all of the servers it manages to Ubuntu 24.
Jon has publicly posted his draft version of the C++/Rust Interop initiative problem statement and high level strategy to the Rust Project. Jon is receiving feedback and starting to move towards implementing this strategy, which will be a heavy focus on 2025.
Also, as part of defining what we need to do for C++/Rust Interop, we are asking questions about unsafe since that is a key barrier between the two languages. There is a discussion happening around the definition of unsafety and undefined behavior, safety critical coding guidelines and unsafe coding guidelines research and writing.
Tobias made some key improvements to crates.io this month. He fixed a race condition in the publish endpoint related to SemVer versions with build metadata. He also improved observability by adjusting the tracing span field serialization. And finally he has continued his work migrating to using async database queries.
The first meeting of the Safety Critical Rust Consortium Coding Guidelines subcommittee met to start discussing how to ensure we have the correct guidelines to develop, write and test code that will be used in safety critical applications.
Members of the Rust Foundation attended EuroRust 2024, a Rust Foundation sponsored conference.
Moved the links to these to the README for persistent access.