You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After talking to my housemate about threat models, I don't think the signatures thing really closes any attack vectors. It might be interesting to ask an external notary to tell us the hash of the tarball from github-releases when we download it. We could then know whether it has ever changed.
cargo quickinstall $package
should:bintray.com
.~/.cargo/.crates2.toml
and~/.cargo/.crates2.json
? #54cargo quickinstall
invocation to the stats servercargo install $package
.The text was updated successfully, but these errors were encountered: