| 22 Nov 2025 |
|  @cuer:envs.net removed their display name Cuer. | 15:09:26 |
| @cuer:envs.net left the room. | 15:09:28 |
| 24 Nov 2025 |
 rosssmyth | Some experimenting I was doing today
https://github.com/RossSmyth/fetch-cargo-index | 01:02:15 |
 niklaskorz | so how big is the generated index? 😅 | 10:50:28 |
 @acidbong:envs.net | it'd be more convenient if Crates themselves forbade downloading insecure libraries | 11:08:36 |
|  amadaluzia changed their display name from amadaluzia (🇹🇷 til 25th) to amadaluzia. | 12:57:05 |
 dish [Fox/It/She] | In reply to @niklaskorz:matrix.org
so how big is the generated index? 😅 at the end of the readme, says about 50MB x_x | 14:32:42 |
| niklaskorz | well maybe we shouldn't include the whole cargo-verse | 14:43:56 |
| dish [Fox/It/She] | if we try to do filtering we end up like nodePackages | 14:44:26 |
| dish [Fox/It/She] | which is to say, not good | 14:44:37 |
| rosssmyth | Yeah unfortunately I'm unsure of a much better way.
Only including deps that Nixpkgs requireds in a json file quickly would become similar to nodePackages, where every time a crate is added it is required to modify a file which results in merge conflict hell usually, especially if it is minimized to reduce storage space requirements | 17:33:00 |
| rosssmyth | The other idea would be to have a package set that is similar to all-packages, which I think tooling could be made that wouldn't make it too bad | 17:33:35 |
| rosssmyth | That's basically yanked packages, which that prototype tool already filters out automatically. But unfortunately yanked packages cannot be relied on. | 17:34:37 |
| rosssmyth | * That's basically yanked packages, which that prototype tool already filters out automatically. But unfortunately yanked packages cannot be relied on for security. | 17:34:48 |
