December is usually a bit of a slower month at the Foundation, with many taking longer holiday breaks, etc. That was the case this month, but there were some good updates around crate signing, crates.io improvements and CI cost reduction.
Walter, in conjunction with other Rust Project members, led the creation of a 2025H1 Rust Project goal around crate signing.
Following upon the TUF RFC, Within 6 months, the goal is tp provide preliminary infrastructure to cryptographically verify the crates.io repository and experimental mirrors of it. This will include a chain-of-trust to the Rust Project via a quorum-based mechanism, and methods to verify singular Rust crates, their singular index entries, as well as the index and the artifacts as a whole.
The Trusted Publishing RFC for crates.io went through the final comment period (FCP) and was subsequently accepted by the crates.io team. With the RFC now accepted, implementation work is set to begin in early January.
Marco has led an CI cost reduction effort to great success so far. We are around 50% cost improvement in only about three months just based on technical efforts to re-order builds, move builds to different CI runners, and other optimizations. All this with minimal visible impact to the Rust maintainers and community. There is potentially more to come as we head into 2025.
In November, Tobias completed the backend work to enable crate deletions by their authors. In December, he finished the corresponding user interface elements.
After some experimentation by Tobias, the crates.io team accepted several pull requests to generate an official OpenAPI description for the crates.io API from the code. The API description is still a work in progress and is currently marked as experimental, but it is progressing well.
There are two Rust Project Goals for 2025H1 relating to the Rust specification.
- Integrate the Ferrocene Language Specification (FLS) into the Rust Project. Ferrous Systems is planning to transfer the Ferrocene Language Specification (FLS) to the Rust Project, under the ownership of the Specification Team, or t-spec. In the first half of 2025, the Specification team will integrate the FLS, under an appropriate name, into both its design and development processes, and the project as a whole.
- Adding tests for the Rust specification. The Rust test suite covers huge portions of the Rust Compiler (rustc). To ensure that the content of the Rust specification is correct, and ongoing compliance is validated, Rust tests will be added and linked directly in the specification itself.
The Rust Safety Critical Consortium continues to make progress with its two primary subcommittees - coding guidelines and tooling. We plan to have the second full meeting of the Safety Critical Rust Consortium on 19 February 2025 coinciding with Rust Nation.
Jon is participating in the OpenSSF SIG Memory Safety meetings, recently having presented on the Foundation's Rust/C++ Interop Initiative.
Moved the links to these to the README for persistent access.