**Just a wild idea** Would there be an interest of community _"hardened"_ or _"moderated"_ crates.io [registeries] reflector source that essentially filters to cargo automatically by-community-input on crates that are available to cargo via it's index ? Essentially this would combine several tools - we could use registry hostname identifier which set of "exclusions" are to be used via the reflection. _NOTE: I am not sure yet whether "private" community registry would work properly with the current cargo as I haven't tested doing this but there is a flag and [registry] - However even without current support it would be nice to discuss the prospect / benefits / cons _ **Use-Cases** - Filter-blacklist by yank & Advisory DB - OR - - Redirect to "last working or presumed secure version" (.lock will fail though) - Build w/ .lock's that refer to insecure / yank versions will fail **Logistics** - I already have everything via my effort on geiger.rs except how the cargo interacts with the index / registry that I would need to roll the respective API as well as RBL style DNS naming to reflect included sets of deny/redirect-filter list. **Refs** - https://rust-lang.zulipchat.com/#narrow/stream/146229-wg-secure-code/topic/.22Backdooring.20Rust.20crates.20for.20fun.20and.20profit.22 - rust-lang eRFC: Crate name transfer - https://github.com/rust-lang/rfcs/pull/2614