1- <PageHeader @title =" Crates.io Package Policies "
1+ <PageHeader @title =' Usage Policy '
22
33<TextContent @boxed ={{ true }} >
4- <p >
5- In general, these policies are guidelines. Problems are often contextual, and
6- exceptional circumstances sometimes require exceptional measures. We plan to
7- continue to clarify and expand these rules over time as new circumstances
8- arise. If your problem is not described below, consider
9- <
a href =' mailto:[email protected] ' >sending us an email</
a >.
10- </p >
11-
12- <h2 id =' package-ownership' a href =' #package-ownership' a ></h2 >
13-
14- <p >
15- We have a first-come, first-served policy on crate names. Upon publishing a
16- package, the publisher will be made owner of the package on Crates.io.
17- </p >
18-
19- <p >
20- If someone wants to take over a package, and the previous owner agrees, the
21- existing maintainer can add them as an owner, and the new maintainer can remove
22- them. If necessary, the team may reach out to inactive maintainers and help
23- mediate the process of ownership transfer.
24- </p >
25-
26- <p >
27- Using an automated tool to claim ownership of a large number of package names
28- is not permitted. We reserve the right to block traffic or revoke ownership
29- of any package we determine to have been claimed by an automated tool.
30- </p >
31-
32- <h2 id =' removal' a href =' #removal' a ></h2 >
33-
34- <p >
35- Many questions are specialized instances of a more general form: “Under what
36- circumstances can a package be removed from Crates.io?”
37- </p >
38-
39- <p >
40- The short version is that packages are first-come, first-served, and we won’t
41- attempt to get into policing what exactly makes a legitimate package. We will
42- do what the law requires us to do, and address flagrant violations of the Rust
43- Code of Conduct.
44- </p >
45-
46- <h3 id =' delete-crate' a href =' #delete-crate' a ></h3 >
47-
48- <p >
49- You can't delete crates from the registry, but you can leave it open for
50- transferring ownership to others.
51- </p >
52-
53- <p >
54- To do this, you must publish a version with a message in the README
55- communicating to crates.io support team that you consent to transfer the
56- crate to the first person who asks for it:
57- </p >
4+ <p ><strong >Short version:</strong >
5+ <em >crates.io is a critical resource for the Rust ecosystem, which hosts a variety of packages from a diverse group of
6+ users. That resource is only effective when our users are able to work together as part of a community in good
7+ faith. While using crates.io, you must comply with our Acceptable Use Policies, which include some restrictions on
8+ content and conduct on crates.io related to user safety, intellectual property, privacy, authenticity, and other
9+ limitations. In short, be excellent to each other!</em ></p >
10+
11+ <p >We do not allow content or activity on crates.io that:</p >
12+
13+ <ul >
14+ <li >violates the <a href =' https://www.rust-lang.org/policies/code-of-conduct' a > of the Rust project</li >
15+ <li >is unlawful or promotes unlawful activities, incurring legal liability in the countries the Rust Foundation
16+ officially operates in</li >
17+ <li >is libelous, defamatory, or fraudulent</li >
18+ <li >amounts to phishing or attempted phishing</li >
19+ <li >infringes any proprietary right of any party, including patent, trademark, trade secret, copyright, right of
20+ publicity, or other right</li >
21+ <li >unlawfully shares unauthorized product licensing keys, software for generating unauthorized product licensing
22+ keys, or software for bypassing checks for product licensing keys, including extension of a free license beyond its
23+ trial period</li >
24+ <li >contains malicious code, such as computer viruses, computer worms, rootkits, back doors, or spyware, including
25+ content submitted for research purposes (tools designed and documented explicitly to assist in security research are
26+ acceptable, but exploits and malware that use the crates.io registry as a deployment or delivery vector are not)</li >
27+ <li >uses obfuscation to hide or mask functionality</li >
28+ <li >is discriminatory toward, harasses or abuses another individual or group</li >
29+ <li >threatens or incites violence toward any individual or group, especially on the basis of who they are</li >
30+ <li >is using crates.io as a platform for propagating abuse on other platforms</li >
31+ <li >violates the privacy of any third party, such as by posting another person's personal information without
32+ consent</li >
33+ <li >gratuitously depicts or glorifies violence, including violent images</li >
34+ <li >is sexually obscene or relates to sexual exploitation or abuse, including of minors (see " Sexually Obscene
35+ Content" section below)</li >
36+ <li >is off-topic, or interacts with platform features in a way that significantly or repeatedly disrupts the
37+ experience of other users</li >
38+ <li >exists only to reserve a name for a prolonged period of time (often called " name squatting" ) without
39+ having any genuine functionality, purpose, or significant development activity on the corresponding repository</li >
40+ <li >is related to buying, selling, or otherwise trading of package names or any other names on crates.io for money or
41+ other compensation</li >
42+ <li >impersonates any person or entity, including through false association with crates.io, or by fraudulently
43+ misrepresenting your identity or site's purpose</li >
44+ <li >is related to inauthentic interactions, such as fake accounts and automated inauthentic activity</li >
45+ <li >is using our servers for any form of excessive automated bulk activity, to place undue burden on our servers
46+ through automated means, or to relay any form of unsolicited advertising or solicitation through our servers, such
47+ as get-rich-quick schemes</li >
48+ <li >is using our servers for other automated excessive bulk activity or coordinated inauthentic activity, such as</li >
49+ <li >spamming</li >
50+ <li >cryptocurrency mining</li >
51+ <li >is not functionally compatible with the cargo build tool (for example, a " package" cannot simply be a
52+ PNG or JPEG image, a movie file, or a text document uploaded directly to the registry)</li >
53+ <li >is abusing the package index for purposes it was not intended</li >
54+ </ul >
55+
56+ <p >You are responsible for using crates.io in compliance with all applicable laws, regulations, and all of our policies.
57+ These policies may be updated from time to time. We will interpret our policies and resolve disputes in favor of
58+ protecting users as a whole. The crates.io team reserves the possibility to evaluate each instance on a case-by-case
59+ basis.</p >
60+
61+ <p >For issues such as DMCA violations, or trademark and copyright infringements, the crates.io team will respect the
62+ legal decisions of the <a href =' https://rustfoundation.org/' a > as the official legal entity
63+ providing the crates.io service.</p >
64+
65+ <h2 id =' package-ownership' h2 >
66+
67+ <p >crates.io has a first-come, first-serve policy on crate names. Upon publishing a package, the publisher will be made
68+ owner of the package on crates.io.</p >
69+
70+ <p >If you want to take over a package, we require you to first try and contact the current owner directly. If the
71+ current owner agrees, they can add you as an owner of the crate, and you can then remove them, if necessary. If the
72+ current owner is not reachable or has not published any contact information the crates.io team may reach out to help
73+ mediate the process of the ownership transfer.</p >
74+
75+ <p >Crate deletion by their owners is not possible to keep the registry as immutable as possible. If you want to flag
76+ your crate as open for transferring ownership to others, you can publish a new version with a message in the README or
77+ description communicating to thecrates.io support team that you consent to transfer the crate to the first person who
78+ asks for it:</p >
5879
5980 <blockquote >
6081 I consent to the transfer of this crate to the first person who asks
61826283 </blockquote >
6384
64- <h3 id =' squatting' a href =' #squatting' a ></h3 >
85+ <p >The crates.io team may delete crates from the registry that do not comply with the policies on this document. In
86+ larger cases of squatting attacks this may happen without prior notification to the author, but in most cases the team
87+ will first give the author the chance to justify the purpose of the crate.</p >
6588
66- <p >
67- We do not have any policies to define 'squatting', and so will not hand over
68- ownership of a package for that reason.
69- </p >
89+ <h2 id =' data-access' h2 >
7090
71- <h3 id =' the-law' a href =' #the-law' a ></h3 >
91+ <p >Details on how to access the crates.io data can be found on the dedicated <LinkTo @route =" data-access"
92+ Policy</LinkTo > page.</p >
7293
73- <p >
74- For issues such as DMCA violations, trademark and copyright infringement,
75- Crates.io will respect the <a href =' https://foundation.rust-lang.org' a >'s legal decisions with regards to content that
76- is hosted.
77- </p >
94+ <h2 id =' security' h2 >
7895
79- <h3 id =' code-of-conduct' a href =' #code-of-conduct' a ></h3 >
96+ <p >Safety is one of the core principles of Rust, and to that end, we would like to ensure that cargo and crates.io have
97+ secure implementations. To learn more about disclosing security vulnerabilities for these tools, please reference the
98+ <a href =' https://www.rust-lang.org/policies/security' a >
99+ for more details.</p >
80100
81- <p >
82- The Rust project has a
83- <a href =' https://www.rust-lang.org/conduct.html' a >
84- which governs appropriate conduct for the Rust community. In
85- general, any content on Crates.io that violates the Code of Conduct may be
86- removed. Here, content can refer to but is not limited to:
87- </p >
101+ <p >Note that this policy only applies to official Rust projects like crates.io and cargo, and not individual crates. The
102+ crates.io team and the Security Response working group are not responsible for the disclosure of vulnerabilities to
103+ specific crates, and if any issues are found, you should seek guidance from the individual crate owners and their
104+ specific policies instead.</p >
88105
89- <ul >
90- <li >Package Name</li >
91- <li >Package Metadata</li >
92- <li >Documentation</li >
93- <li >Code</li >
94- </ul >
106+ <p >Thank you for taking the time to responsibly disclose any issues you find.</p >
95107
96- <p >
97- There are two important, related aspects:
98- </p >
108+ <h2 id =' sexually-obscene-content' h2 >
109+
110+ <p >We do not tolerate content associated with sexual exploitation or abuse of another individual, including where minors
111+ are concerned. We do not allow sexually themed or suggestive content that serves little or no purpose other than to
112+ solicit an erotic or shocking response, particularly where that content is amplified by its placement in profiles or
113+ other social contexts.</p >
114+
115+ <p >This includes:</p >
99116
100117 <ul >
101- <li >
102- We will not be pro-actively monitoring the site for these kinds of
103- violations, but relying on the community to draw them to our attention.
118+ <li >Pornographic content</li >
119+ <li >Non-consensual intimate imagery</li >
120+ <li >Graphic depictions of sexual acts including photographs, video, animation, drawings, computer-generated images, or
121+ text-based content
104122 </li >
105123
106- <li >
107- “Does this violate the Code of Conduct” is a contextual question that
108- cannot be directly answered in the hypothetical sense. All of the details
109- must be taken into consideration in these kinds of situations.
110- </li >
111- </ul >
124+ </ul >
125+
126+ <p >We recognize that not all nudity or content related to sexuality is obscene. We may allow visual and/or textual
127+ depictions in artistic, educational, historical or journalistic contexts, or as it relates to victim advocacy. In some
128+ cases a disclaimer can help communicate the context of the project.</p >
129+
130+ <h2 id =' violations-and-enforcement' h2 >
131+
132+ <p >crates.io retains full discretion to take action in response to a violation of these policies, including account
133+ suspension, account termination, or removal of content.</p >
134+
135+ <p >We will however not be proactively monitoring the site for these kinds of violations, but instead relying on the
136+ community to draw them to our attention.</p >
137+
138+ <p >While the majority of interactions between individuals in the Rust community falls within our policies, violations of
139+ those policies do occur at times. When they do, the crates.io team may need to take enforcement action to address the
140+ violations. In all cases, content and account deletion is permanent and there is no basis to reverse these moderation
141+ actions taken by the crates.io team. Account suspension may be lifted at the team's discretion however, for
142+ example in the case of someone's account being compromised.</p >
143+
144+ <h2 id =' credits-license' & License</h2 >
145+
146+ <p >This policy is partially based on
147+ <a href =' https://github.com/pypi/warehouse/blob/3c404ada9fed7a03bbf7c3c74e86c383f705d96a/policies/acceptable-use-policy.md'
148+ PyPI’s Acceptable Use Policy</a > and modified from its original form.</p >
112149
113- <h2 id =' security' a href =' #security' a ></h2 >
114-
115- <p >
116- Cargo and crates.io are projects that are governed by the Rust Programming
117- Language Team. Safety is one of the core principles of Rust, and to that end,
118- we would like to ensure that cargo and crates.io have secure implementations.
119- To learn more about disclosing security vulnerabilities, please reference the
120- <a href =' https://www.rust-lang.org/security.html' a > for
121- more details.
122- </p >
123-
124- <p >
125- Thank you for taking the time to responsibly disclose any issues you find.
126- </p >
127-
128- <h2 id =' crawlers' a href =' #crawlers' a ></h2 >
129-
130- <p >
131- Before resorting to crawling crates.io, please read
132- <LinkTo @route =" data-access" LinkTo >.
133- </p >
134-
135- <p >
136- We allow our API and website to be crawled by commercial crawlers such as
137- GoogleBot. At our discretion, we may choose to allow access to experimental
138- crawlers, as long as they limit their request rate to 1 request per second or
139- less.
140- </p >
141-
142- <p >
143- We also require all crawlers to provide a user-agent header that allows us to
144- uniquely identify your bot. This allows us to more accurately monitor any
145- impact your bot may have on our service. Providing a user agent that only
146- identifies your HTTP client library (such as "<code >request/0.9.1</code >") increases the
147- likelihood that we will block your traffic.
148-
149- It is recommended, but not required, to include contact information in your user
150- agent. This allows us to contact you if we would like a change in your bot's
151- behavior without having to block your traffic.
152- </p >
153-
154- <p >
155- Bad: "<code >User-Agent: reqwest/0.9.1</code >"<br >
156- Better: "<code >User-Agent: my_bot</code >"<br >
157- Best: "<code >User-Agent: my_bot (my_bot.com/info)</code >" or "<code >User-Agent: my_bot (help@my_bot.com)</code >"
158- </p >
159-
160- <p >
161- We reserve the right to block traffic from any bot that we determine to be in
162- violation of this policy or causing an impact on the integrity of our service.
163- </p >
150+ <p >Licensed under the
151+ <a href =' https://creativecommons.org/licenses/by/4.0/' a >.</p >
164152</TextContent >
0 commit comments