|
|
|
|
|
|
by mhoad
1277 days ago
|
|
|
I’m not actually in the Rust ecosystem at all and only just discovered the domain belongs to the official Rust project. That clearly changes the trust calculation in this scenario. I had assumed it was some 3rd party project which would have put it in a different category of problems entirely. But the entire conversation is kind of pointless then. “There is a secret backdoor in the official Rust binary” is not a useful part of any reasonable threat model. |
|
|