On Jul 14, 2023, at 11:19 AM, Hadley Wickham <h.wickham at gmail.com> wrote:
If CRAN cannot trust even the official one of Rust, why does CRAN have Rust at all?
I don't see the connection - if you downloaded something in the past it doesn't mean you will be able to do so in the future. And CRAN has Rust because it sounded like a good idea to allow packages to use it, but I can see that it opened a can of worms that we trying to tame here.
Can you give a bit more detail about your concerns here? Obviously
crates.io isn't some random site on the internet, it's the official
repository of the Rust language, supported by the corresponding
foundation for the language. To me that makes it feel very much like
CRAN, where we can assume if you downloaded something in the past, you
can download something in the future.