HeadlinesBriefing.com

Decoupling Rust Publishing from GitHub Dependencies

Hacker News

A recent discussion on Hacker News argues that GitHub should not be a necessary dependency for publishing packages on crates.io. The core concern centers on the risks of tying a language's primary package registry to a single corporate platform. This dependency creates a bottleneck for developers who prefer different hosting options.

Reliance on one provider introduces a single point of failure for the Rust ecosystem. If the hosting service goes down or changes its terms, the ability to publish crates could be compromised. This technical coupling forces developers into a specific workflow that may not suit all security or privacy requirements.

Removing this requirement would diversify how developers share code. By decoupling the registry from a specific Git provider, the community ensures that crates.io remains an independent distribution channel. This shift would allow for a more resilient infrastructure that does not rely on a single company's availability.

Engineers are debating whether the convenience of the current integration, notably GitHub Actions and source linking, justifies the risk and outweighs the need for total infrastructure independence. The goal is a publishing process that works regardless of where the source code lives.