Hello everyone, I’m new to rust.
I’ve installed rustup binary(itself) from trusted source (official website), but due to internet restriction , I have to use RUSTUP_DIST_SERVER to download toolchain(for higher speed) , but I’d like to know how rustup handle update info and binary download from dist server ? I mean if I my rustup binary is trustable , but I use RUSTUP_DIST_SERVER to download toolchain, can RUSTUP_DIST_SERVER provided hijacked toolchain to me ?
I’ve found some signatures valiatation issue on github
but I’m not sure which one related to RUSTUP_DIST_SERVER. any help ?