There have been a few threads about validating the artifacts downloaded via rustup (one, two), and I'm here to solicit help with an implementation of The Update Framework, (theupdateframework.github.io).
The project is rust-tuf (github.com/heartsucker/rust-tuf), and the plan I'm cooking up with @brson is to get rustup to use TUF to verify all the downloads. The crate is on crates.io as tuf, though the 0.1.x series is going to be fully replaced by new code in 0.2.x. Most of the groundwork is done, but there's a lot of loose ends and things that need to be implemented before we can start packing it into rustup.
If you're interested in helping, there' a few things you can do
- comment on issues marked
Flag :: Research - ask to be assigned to isssues marked
Flag :: Help Wanted - look at the two milestones needed before this can be added to
rustup:0.2.0&0.3.0 - open an issue / make a feature request
- write so many unit and integration tests
- grep the code for minor TODOs
I'm trying to keep the GH issues organized do other people can jump in, but I could probably do better there. 
Anyway, get in contact if you want to get involved.
