Pre-RFC: `cargo package` to Include Fewer Files by Default — Rust Internals

A new pre-RFC proposal suggests that the `cargo package` command should include fewer files by default when packaging Rust projects. This change aims to improve supply chain security by excluding unnecessary files, such as tests and documentation, which could be potential vectors for attacks. Developers will need to adjust their packaging practices, ensuring that only essential files are included, potentially reducing the size of packages and enhancing security.

Enhancing Build Security in Rust Projects — Rust Internals

Recent discussions on Rust Internals highlight concerns about the security of build scripts and proc macros in Rust projects. The community is considering how to balance the flexibility of these tools with potential security risks, such as incomplete sandboxes giving a false sense of security. Developers are encouraged to engage in these discussions to help shape future Rust security practices, ensuring safer build environments and reducing vulnerabilities in Rust's development ecosystem.

• Pure Borrow: Linear Haskell Meets Rust-Style Borrowing [Lobsters Rust]
• 【Rust日报】2026-04-24 Vizia 0.4.0 版本发布 [RustCC (CN)]
• Running Bare-Metal Rust Alongside ESP-IDF on the ESP32-S3's Second Core [Lobsters Rust]
• Security issues found within rust-coreutils [Lobsters Rust]
• Who even uses jemalloc in 2026 anyway? (many major projects) [Lobsters Rust]