> 1) Why store a package? Wouldn't an index rather than another repository be more efficient and flexible?
I suppose the authors experienced the "guy deleted his GitHub repo" effect one time too many. It's a very sensible decision. Getting packages from git URLs is fine when you're hacking something together, but there is absolutely no way I'd put anything in production relying on something that fragile.
I think it's even worse depending on a repo whose author refuses or is unwilling to maintain it.
Besides, git is hardly fragile, especially if we are talking GitHub. I happily clone and pull projects all the time without a single hitch. Also, if you think about it, GitHub/Atlassian are all dedicated to the task, with datacenters around the globe, while for the Rust team the repo might be somewhat of a side gig.
I'm not so worried about GitHub going down as I am about people removing their repos.
And why do you think depending on a repo is worse than depending on GitHub? If the package is not maintained anymore, license willing, you can always fork it and bump the dependencies yourself, even if, in the worst of cases, you need to keep the fork local. However, if it turns out you have to maintain a lot of third-party libraries yourself, it's a sign either of a bad ecosystem, or that you picked the wrong libraries.
I guess at the end of the day, so long as cargo has the git option, people like me will always get our code fresh from the source, with the maintainer's consent. It's not like I'm being forced to use the crates-repo.
Let's agree on one thing: we shouldn't be maintaining other people's abandoned/illegal libs. However, thanks to them being posted on the crates-repo permanently, we'll continuously keep running into them...
> Let's agree on one thing: we shouldn't be maintaining other people's abandoned/illegal libs. However, thanks to them being posted on the crates-repo permanently, we'll continuously keep running into them...
Maybe. But at least, if you pick your or somebody else's unmaintained code from five years ago, you have a fighting chance of making it compile and run.