No one owes you supply-chain security
Summary
A personal blog post arguing that no single registry can guarantee supply-chain security for Rust crates. It critiques proposed typo-squatting fixes, the limits of sandboxing, and code kept in version control, and promotes developer auditing, lockfiles, and practical tooling as the way to manage dependency risk.