Easily inspect dependencies
Rudxain:
It doesn't have to be about security since the very beginning. Just an easy way to see docs and implementation details without having to re-download data. The (dep/lib/bin) docs don't (and shouldn't) specify all impl details, so being able to use cargo (instead of RA/r-a) to find those details would be nice.
What do you mean "without having to redownload"?
Rudxain:
This suggests that mitigating supply-chain attacks should also be important to Cargo
This is still very abstract. Why is opening the files locally in this way part of supply chain security?
Rudxain:
epage:
cache read-only but we've had problems with that
Understood. Could this be improved in the next edition? Or is it a portability limitation because of the many platforms where Cargo is officially supported?
I don't remember the details. The issue is "Consider making the src cache read-only" (rust-lang/cargo issue #9455).
One problem I can see is build scripts copying data or doing other stuff. Build scripts are tricky with editions because an edition is local to a package but a build script's interactions with cargo are at the process level which encompasses all packages built into it. If a build script uses a helper library from a different edition, it should still work.