<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="rustdoc">
<title>Crates.io package policies</title>
<link rel="stylesheet" type="text/css" href="stylesheets/normalize.css">
<link rel="stylesheet" type="text/css" href="stylesheets/all.css">
<link rel="stylesheet" type="text/css" href="stylesheets/prism.css">
<script src="https://code.jquery.com/jquery-2.1.1.min.js"></script>
<link rel="icon" type="image/x-icon" href="favicon.ico">
</head>
<body class="rustdoc">
<!--[if lte IE 8]>
<div class="warning">
This old browser is unsupported and will most likely display funky
things.
</div>
<![endif]-->
<a href='https://github.com/rust-lang/cargo' class='fork-me'>
<img src='images/forkme.png'/>
</a>
<div id="header">
<a href='https://crates.io' class='logo'>
<img id="logo" height=100 width=100 src='images/Cargo-Logo-Small.png'/>
</a>
<a href="index.html">
<h1>CARGO</h1>
</a>
<div class="search">
<form action="https://crates.io/search"
method="GET">
<input name="q" class="search" placeholder="Search crates" type="text"/>
</form>
</div>
<div class="nav">
<a href='https://crates.io/crates'>Browse All Crates</a>
<span class='sep'>|</span>
<div class="dropdown-container">
<button class="dropdown">
Docs
<span class="arrow"></span>
</button>
<!-- Sync this list with
https://github.com/rust-lang/crates.io/blob/master/app/templates/application.hbs
and with Makefile.in in this repository -->
<ul id="current-user-links" class="dropdown" data-bindattr-503="503">
<li><a href='index.html'>Getting Started</a></li>
<li><a href='guide.html'>Guide</a></li>
<li><a href='specifying-dependencies.html'>Specifying Dependencies</a></li>
<li><a href='crates-io.html'>Publishing on crates.io</a></li>
<li><a href='faq.html'>FAQ</a></li>
<li><a href='manifest.html'>Cargo.toml Format</a></li>
<li><a href='build-script.html'>Build Scripts</a></li>
<li><a href='config.html'>Configuration</a></li>
<li><a href='pkgid-spec.html'>Package ID specs</a></li>
<li><a href='environment-variables.html'>Environment Variables</a></li>
<li><a href='source-replacement.html'>Source Replacement</a></li>
<li><a href='external-tools.html'>External Tools</a></li>
<li><a href='policies.html'>Policies</a></li>
</ul>
</div>
</div>
</div>
<main>
<h1 class="title">Crates.io package policies</h1>
<p>In general, these policies are guidelines. Problems are often contextual, and
exceptional circumstances sometimes require exceptional measures. We plan to
continue to clarify and expand these rules over time as new circumstances
arise. If your problem is not described below, consider <a href="mailto:help@crates.io">sending us an email</a>.</p>
<h1 id='package-ownership' class='section-header'><a href='#package-ownership'>Package Ownership</a></h1>
<p>We have a first-come, first-served policy on crate names. Upon publishing a
package, the publisher will be made owner of the package on Crates.io.</p>
<p>If someone wants to take over a package, and the previous owner agrees, the
existing maintainer can add them as an owner, and the new maintainer can remove
them. If necessary, the team may reach out to inactive maintainers and help
mediate the process of ownership transfer.</p>
<h1 id='removal' class='section-header'><a href='#removal'>Removal</a></h1>
<p>Many questions are specialized instances of a more general form: “Under what
circumstances can a package be removed from Crates.io?”</p>
<p>The short version is that packages are first-come, first-served, and we won’t
attempt to get into policing what exactly makes a legitimate package. We will
do what the law requires us to do, and address flagrant violations of the Rust
Code of Conduct.</p>
<h2 id='squatting' class='section-header'><a href='#squatting'>Squatting</a></h2>
<p>We do not have any policies to define 'squatting', and so will not hand over
ownership of a package for that reason.</p>
<h2 id='the-law' class='section-header'><a href='#the-law'>The Law</a></h2>
<p>For issues such as DMCA violations, trademark and copyright infringement,
Crates.io will respect Mozilla Legal’s decisions with regards to content that
is hosted.</p>
<h2 id='code-of-conduct' class='section-header'><a href='#code-of-conduct'>Code of Conduct</a></h2>
<p>The Rust project has a <a href="https://www.rust-lang.org/conduct.html">Code of Conduct</a> which governs appropriate conduct for
the Rust community. In general, any content on Crates.io that violates the Code
of Conduct may be removed. Here, content can refer to but is not limited to:</p>
<ul>
<li>Package Name</li>
<li>Package Metadata</li>
<li>Documentation</li>
<li>Code</li>
</ul>
<p>There are two important, related aspects:</p>
<ul>
<li>We will not be pro-actively monitoring the site for these kinds of violations,
but relying on the community to draw them to our attention.</li>
<li>“Does this violate the Code of Conduct” is a contextual question that
cannot be directly answered in the hypothetical sense. All of the details
must be taken into consideration in these kinds of situations.</li>
</ul>
<h1 id='security' class='section-header'><a href='#security'>Security</a></h1>
<p>Cargo and crates.io are projects that are governed by the Rust Programming
Language Team. Safety is one of the core principles of Rust, and to that end,
we would like to ensure that cargo and crates.io have secure implementations.
To learn more about disclosing security vulnerabilities, please reference the
<a href="https://www.rust-lang.org/security.html">Rust Security policy</a> for more details.</p>
<p>Thank you for taking the time to responsibly disclose any issues you find.</p>
</main>
<footer>
<a href='index.html'>Install</a>
<span class='sep'>|</span>
<a href='index.html'>Getting Started</a>
<span class='sep'>|</span>
<a href='guide.html'>Guide</a>
</footer>
<script type='text/javascript' src='javascripts/prism.js'></script>
<script type='text/javascript' src='javascripts/all.js'></script>
</body>
</html>
