You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi, rust-lang/rustup#2028 is the current rustup status around PGP validation. In particular we validate the signature on the channel manifest, and then checksums on every file vs the checksum in the manifest.
While rustup releases are not signed, one could build that once and distributed in a secure fashion within in an organisation if needed; downgrade attacks via channel manifest replacement are possible, IFF (rust infrastructure is compromised || TLS is broken), since the manifests are downloaded from https://static.rust-lang.org.
Certificate pinning: we depend on a defaulted set of GPG keys, included in rustup's source and compiled into the binary. TLS certificate pinning : static.rust-lang.org is using dynamically refreshed certs, making pinning hard. If that changes we can consider it.
The text was updated successfully, but these errors were encountered:
Hi, rust-lang/rustup#2028 is the current rustup status around PGP validation. In particular we validate the signature on the channel manifest, and then checksums on every file vs the checksum in the manifest.
While rustup releases are not signed, one could build that once and distributed in a secure fashion within in an organisation if needed; downgrade attacks via channel manifest replacement are possible, IFF (rust infrastructure is compromised || TLS is broken), since the manifests are downloaded from https://static.rust-lang.org.
Certificate pinning: we depend on a defaulted set of GPG keys, included in rustup's source and compiled into the binary. TLS certificate pinning : static.rust-lang.org is using dynamically refreshed certs, making pinning hard. If that changes we can consider it.
The text was updated successfully, but these errors were encountered: