{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicpt4srkafto7ukdnp2dk2hzi4xaozmibiw7tgsdsbqpdcrdwassm",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mkgm3mejtn42"
  },
  "path": "/t/pre-rfc-dns-domains-as-package-namespaces/24202#post_11",
  "publishedAt": "2026-04-26T22:06:29.000Z",
  "site": "https://internals.rust-lang.org",
  "tags": [
    "crates.io"
  ],
  "textContent": "NPM already had a wave of supply chain attacks via custom domains with lapsed registration. An attacker would register the domain immediately after it expires, then use the account recovery via email to take control of the account. I don't think opening crates.io up to attacks in this style is wise.\n\nIt also seems odd to require paying recurring fees to third parties such as domain registrars.",
  "title": "[Pre-RFC] DNS domains as package namespaces"
}