{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreifc2dguvnfijfp5i62gym7ckqpqsk2ahrqu4ciukhcc74zu5d6z4e",
    "uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mnzm3hpbv2g2"
  },
  "path": "/t/separating-fetching-from-building-for-better-security/24390#post_7",
  "publishedAt": "2026-06-11T16:03:25.000Z",
  "site": "https://internals.rust-lang.org",
  "textContent": "grothesque:\n\n> While working on this, I realized that in addition to simply sandboxing Cargo, a meaningful security improvement can be obtained by separating fetching and building so that, for example, an invocation of `cargo build` is split into two phases:\n\nThere are test runners and rustc wrappers (for proc macros). There is an experiment for something similar for build scripts.",
  "title": "Separating fetching from building for better security"
}