Alice Ryhl

You just run Cargo run and it's only local to this.

The only thing that's shared is this registry, which is just to avoid downloading the same thing twice.

The first time I was at the Linux Plumbers conference, at the very end, so Linux wasn't anywhere to be seen throughout the entire conference, but at the very end of the social event, he showed up and I went over to say hi.

I mentioned I worked on Rust and immediately he started telling me about how he didn't like Cargo.

And so the reason for that is that Cargo downloads code from the internet and runs it like any package manager.

And he doesn't want any code on his computer to do that other than his distributions package manager.

He doesn't trust anybody else to do that.

I mean, in principle, yeah.

I mean, ultimately, if you somehow got a hold of my keys to upload new Tokyo versions, you could upload a malicious one.

I don't think we've had much problems with it compared to something like NPM, but I don't really know if we... I mean, it's a hard problem, right?

If somebody can impersonate the maintainer of a library, then I mean, I think they do do stuff like delete, go scratting malicious crates and stuff like that.

My opinion is that the least mature area is frontend.

There have been some attempts to compile Rust to WebAssembly and then run it on the web as a frontend as a replacement for TypeScript.

But if I was writing a web server, I would totally use Rust for the backend and TypeScript for the frontend.

I would not really go the WebAssembly route.

On the other hand, for backend, I actually think it's a pretty great fit.

And there's also stuff like command line tools.

I think it's a really, really great fit for that.

And then, of course, we are expanding into Linux.

And we are also expanding into a lot of embedded projects.