Let’s say I publish create Foo 1.0.0 on crates.io. Then, after some time, I publish 2.0.0, incompatible with Foo 1.0.0, and I don’t want to, or can’t, support 1.0.0 any more. Then, let’s say there is a critical security bug in Foo 1.0.0 so nobody should use it.
crates.io supports “yanking” a package, which handles the case for new crates that try to depend on Foo 1.0.0. But, how can I stop existing crates from (silently) continuing to use the dangerously-non-secure Foo 1.0.0? I would like to be able to “yank” in such a way that, at a minimum, downstream users are warned during the build of the potential problem.