Does this solve any outstanding workflow problems in crates.io? I’m hesitant for Rust to jump on the federation hype bubble, especially since I fail to see what problems it solves. The only problem I could imagine it solves is not having crates.io be the sole source of truth.
I personally like the fact that crates.io is maintained by an implicitly trusted party (the distributors of the compiler, which we all implicitly trust), and for situations in which this is unacceptable, you’d be hosting your own isolated crate registry anyways, which, for security purposes, should not be talking to crates.io since that would defeat the point. Frankly, I’d rather download crates off of crates.io than off of some rando’s instance, if given the choice.
Mind, for similar reasons I am skeptical of federated services in general, but for something like software distribution, I find it especially difficult to see value in decentralization (outside of mirroring, of course). And again, I think that hype bubbles are not good indicators that a technology should be adopted, much less shoe-horned into a use-case that does not obviously benefit from it.