Skip to content
View bgeron-typosquatting-protect's full-sized avatar

Block or report bgeron-typosquatting-protect

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Please don't include any personal information such as legal names or email addresses. Maximum 100 characters, markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse

Pinned Loading

  1. Rationale behind the @bgeron-typosqu... Rationale behind the @bgeron-typosquatting-protect account, and a plea to the crates.io team
    1 
    This account is an alias of @bgeron, and it owns a number of Rust crates with nice names, such as `the`. I solemnly promise to never put any content on these crates. They are nice names, but for security purposes I think they should be reserved names (forever without content). Here's the danger:
    2 
    
              
    
              
    
                3
                
    1. Somebody malicious registers crate `the` and puts malware on it.
    
              
    
              
    
                4
                
    2. Somewhere on an online forum, Alice and Bob are talking about a new Rust command line program. Alice tells Bob to cargo install the binary.
    
              
    
              
    
                5
                
    3. Bob is very sleepy and distracted today. Bob copy-pastes `cargo install the binary` into his terminal. He gets an error. He realizes his mistake and runs `cargo install NewFancyProgram` instead.
    
              
    
          
    
    
    
  
    

    2.