Easily inspect dependencies

Rust Internals [Unofficial] April 28, 2026

bjorn3:

config files that may cause your editor to run potentially malicious code

Some editors (VS Code, and most recently Helix) already protect themselves against that type of attack. So I believe the burden of config-security should be placed on them, not Cargo.

epage:

use cases

I thought I already mentioned them? It doesn't have to be about security since the very beginning. Just an easy way to see docs and implementation details without having to re-download data. The (dep/lib/bin) docs don't (and shouldn't) specify all impl details, so being able to use cargo (instead of RA/r-a) to find those details would be nice.

epage:

generic link to some site

I'll clarify my reasoning:

  1. Supply-chain attacks are in the OWASP Top 10
  2. Therefore, supply-chain attacks are important to OWASP
  3. This suggests that mitigating supply-chain attacks should also be important to Cargo

epage:

cache read-only but we've had problems with that

Understood. Could this be improved in the next edition? Or is it a portability limitation because of the many platforms where Cargo is officially supported?
