There have been a few threads about validating the artifacts downloaded via rustup (one, two), and I’m here to solicit help with an implementation of The Update Framework, (theupdateframework.github.io).

The project is rust-tuf (github.com/heartsucker/rust-tuf), and the plan I’m cooking up with @brson is to get rustup to use TUF to verify all the downloads. The crate is on crates.io as tuf , though the 0.1.x series is going to be fully replaced by new code in 0.2.x . Most of the groundwork is done, but there’s a lot of loose ends and things that need to be implemented before we can start packing it into rustup .

If you’re interested in helping, there’ a few things you can do

comment on issues marked Flag :: Research

ask to be assigned to isssues marked Flag :: Help Wanted

look at the two milestones needed before this can be added to rustup : 0.2.0 & 0.3.0

: & open an issue / make a feature request

write so many unit and integration tests

grep the code for minor TODOs

I’m trying to keep the GH issues organized do other people can jump in, but I could probably do better there.

Anyway, get in contact if you want to get involved.