There have been a few threads about validating the artifacts downloaded via rustup
(one, two), and I'm here to solicit help with an implementation of The Update Framework, (theupdateframework.github.io).
The project is rust-tuf
(github.com/heartsucker/rust-tuf), and the plan I'm cooking up with @brson is to get rustup
to use TUF to verify all the downloads. The crate is on crates.io as tuf
, though the 0.1.x
series is going to be fully replaced by new code in 0.2.x
. Most of the groundwork is done, but there's a lot of loose ends and things that need to be implemented before we can start packing it into rustup
.
If you're interested in helping, there' a few things you can do
- comment on issues marked
Flag :: Research
- ask to be assigned to isssues marked
Flag :: Help Wanted
- look at the two milestones needed before this can be added to
rustup
:0.2.0
&0.3.0
- open an issue / make a feature request
- write so many unit and integration tests
- grep the code for minor TODOs
I'm trying to keep the GH issues organized do other people can jump in, but I could probably do better there.
Anyway, get in contact if you want to get involved.