Tracking: Security, Trust models, Improving the status quo

[kinnison]

In order to properly improve rustup's security and trust model, we need to tackle a number of issues. When these are all dealt with, then we'll be in a better position to protect our users and thus we can consider enabling some kind of mirror or alternative-dist-server-by-default mechanisms.

• Simple signature verification with embedded static key available on all rustup targets (Tracking: Simple PGP signature verification #2028)
• Design and implement a better trust model than the above (Tracking: Trust model for signed Rust / Rustup releases #2029)
• Signed Windows binaries (rustup-init.exe needs to be code-signed #1568)

[kinnison]

So at this time, cargo is out of scope for the work we're doing on the trust model for rustup. Again I ask that you hold off on pushing too hard until after we've opened discussion on the trust model work we're drafting. It'll be a little while, but in the short term I've told you what we have available and if that's insufficient for you then we're unlikely to be able to do anything to satisfy you before we have our proper trust model rolled out. Your point that people who need to use Tor in order to avoid scrutiny or interference from state actors is noted though, and will inform our design process, thank you.

[ms-ati]

@kinnison Hi from Dec 2022! Two years later, wondering if any updates on the trust model for rustup?