Rust 2020: Funding

Nov 06, 2019 2 min #rust

👋 This page was last updated ~6 years ago. Just so you know.

Blog posts that praise Rust are many but funding is generally in short supply.

If even a small percentage of the money Rust saves companies was put back into the ecosystem it would help secure the future of the platform tremendously.

Multiple sources of funding

It is unreasonable going forward to expect the same handful of companies to provide all the funding.

Although Rust was born (or so I’m told) at Mozilla, it seems pretty clear that it has outgrown it significantly, and many big companies now benefit from Rust.

I hope they not only contribute code in the future but also funding.

Funding even if you don’t ask for it

Projects like rust-analyzer cost money, they explained in great detail. Those should be funded.

Other projects have not explained it in great detail but nevertheless could use funding as well.

There are many people good at what they do but not especially good at getting funding. This doesn’t mean they shouldn’t get funding.

Goodwill does not pay the rent

If we want the wonderful folks who have been improving all aspects of the compiler, various libraries, infrastructure, docs, and I’m forgetting many, to stay and be happy and not burn out and leave for high-paying jobs, we need funding.

Being well-compensated (or even compensated at all) for work on open-source projects, does not make the work any less noble or open source.

Funding

Thanks for funding.

(JavaScript is required to see this. Or maybe my stuff broke)

Did you know I also make videos? Check them out on PeerTube and also YouTube!

Here's another article just for you:

Thumbnail for crates.io phishing attempt

crates.io phishing attempt

Sep 12, 2025
1 min #rust · #security

Earlier this week, an npm supply chain attack.

It’s turn for crates.io, the main public repository for Rust crates (packages).

The phishing e-mail looks like this:

A phishing e-mail: Important: Breach notification regarding crates.io Hi, BurntSushi! We recently discovered that an unauthorized actor had compromised the crates.io infrastructure and accessed a limited amount of user information. The attacker's access was revoked, and we are currently reviewing our security posture. We are currently drafting a blog post to outline the timeline and the steps we took to mitigate this. In the meantime, we strongly suggest you to rotate your login info by signing in here to our internal SSO, which is a temporary fix to ensure that the attacker cannot modify any packages published by you.
Andrew Gallant on BlueSky

And it leads to a GitHub login page that looks like this:

A fake GitHub sign-in page.
Barre on GitHub

Several maintainers received it — the issue is being discussed on GitHub.

The crates.io team has acknowledged the attack and said they’d see if they can do something about it.

Read more
Discord GitHub Sponsors Patreon
Bluesky Mastodon PeerTube YouTube
TikTok Instagram RSS
About Legal Notice Privacy Policy Terms and Conditions