[leo_santagada]

it is a https url, the same you use to move funds in your bank... If they provided a rpm/deb package it either would not be signed or you would have to download the public key and the package over https.

In the end is the same level of security, this one at least you can first download the script, read it and then pipe it to bash much more easily than a rpm/deb.

[ajross]

TLS encrypts the transfer. It... sort of authenticates the site (modulo multiple holes that exist in that scheme).

But that just pushes the problem on the user: now the user needs to know affirmatively that "rust-lang.org" is the correct source. And they need to know the same thing about every piece of software they install using this insanity.

That's a rather different situation than simply trusting the install-time keys shipped on your system, which you can authenticate manually (via a public key check against a well-published, historically attestable key) with comparative simplicity.

[d0mine]

"the install-time keys shipped on your system" -- given Rust's rapid pace of development, I highly doubt that default packages that are provided e.g., by Debian would be relevant.

To get a reasonably fresh version, you would need to use something like Ubuntu's ppa where you need to trust the ppa's author and TLS, to get you signed packages and the corresponding keys.

"keys + signed package" via TLS from a known (via google) site is more secure than "human readable sh script" via TLS but it is not by leaps and bounds.

[pnathan]

Oy vey! No! It's not! HTTPS as commonly implemented is well known to be much more compromisable than the approach of using an actual signed system. In particular, the CA system is.... not good (lots of discussion about this exists).

Having the Debian approach is far better here!