Clarify that crates.io is a repository in the rust-lang org

carols10cents · carols10cents · commit 7720056c589e · 2024-06-05T09:51:32.000-04:00
And (most) other crates hosted on crates.io are not
diff --git a/app/templates/security.hbs b/app/templates/security.hbs
@@ -5,9 +5,9 @@
   <h2 id='crates-io-security'>Security of crates.io itself</h2>
 
   <p>Safety is one of the core principles of Rust, and to that end, we would like to ensure that cargo, crates.io, docs.rs, and
-    related tools have secure implementations. To disclose security vulnerabilities in
-    <a href='https://github.com/rust-lang'>any repository in the rust-lang organization</a>, please follow the
-    <a href='https://www.rust-lang.org/policies/security'>Rust Security policy</a>.</p>
+    related tools have secure implementations. To disclose security vulnerabilities in the crates.io service itself (as opposed
+    to crates hosted on crates.io) or any other <a href='https://github.com/rust-lang'>repository in the rust-lang
+    organization</a>, please follow the <a href='https://www.rust-lang.org/policies/security'>Rust Security policy</a>.</p>
 
     <p>Thank you for taking the time to responsibly disclose any issues you find.</p>
 
