[multirust-rs] (https://github.com/Diggsey/multirust-rs) eventually should validate its downloads using the Rust signing key. I don’t want to deal with the unreliability of hoping
gpg exists locally or of bundling more C components, so I want to use a Rust solution. It doesn’t look to me like there’s a pure-Rust crate specifically for this, so what needs to happen to do basic GPG signature validation in Rust?
multirust-rs already has access to OpenSSL, so I can reuse code from that, but I would prefer pure-Rust.
Here’s the pgpdump of the Rust pubkey, if that helps identify exactly which crypto is needed.
I seriously don’t know much here. Please tell me exactly what needs to happen.