[libre-riscv-dev] next tasks

Luke Kenneth Casson Leighton lkcl at lkcl.net
Fri Mar 13 10:13:06 GMT 2020

On Fri, Mar 13, 2020 at 8:25 AM Jacob Lifshay <programmerjake at gmail.com> wrote:

> it's similar to installing firefox on windows, where you download and run
> the executable.

which says it all.

as an aside: when i analysed and derived the security requirements
that went into debian's package distribution design, it was
*SEVENTEEN* separate and distinct very specific requirements, any one
of which, if not complied with, completely and utterly destroyed the
security chain of package integrity.


"rustup is secure enough for the non-paranoid, but it still needs
work. rustup performs all downloads over HTTPS, but does not yet
validate signatures of downloads."

here's the good and the bad:

1). bad: it is seriously demeaning to use the phrase "non-paranoid" -
to ACCUSE potential users of rust of "being paranoid".  can i suggest,
jacob, raising that as a severe and high-priority issue with the rust
community to get that removed effective immediate?

2). bad: relying on HTTPS simply makes the website itself a
high-priority hacking target.  HTTPS verifies the *channel*, *not* the

3). good: at least they recognise that signature validation is critical.

4). bad: unfortunately they don't describe - at all - how they intend
to tackle this, and i can pretty much guarantee that if they haven't
thought about it fully, they *will* get it wrong.  even copying
something like Redhat package distribution or archlinux distribution,
they'll get it wrong.


More information about the libre-riscv-dev mailing list