On Thu, Nov 16, 2017 at 01:59:53PM -0700, Sean Bowe via zapps-wg wrote: > I think it is the current version (1.21). I imagine it would be > possible to modify the code (and many of the dependencies) so that it > could compile on a really old version too.
Also, if someone does manage to do this, I have a OpenTimestamps Git timestamp(1) on Rust crates.io crate registry: https://github.com/petertodd/crates.io-index/commit/763a730f2275d69eb13ee8b212fc9aa0d6fe92b5 Secondly the Internet Archive contains quite a bit of uploaded software, such as Debian install images, and via my Internet Archive timestamp project we have timestamps from May this year for most of that: https://petertodd.org/2017/carbon-dating-the-internet-archive-with-opentimestamps While these timestamps would be only one part of an argument as to why a given compile wasn't backdoored, I think it's worth using cryptographically timestamped dependencies over non-timestamped ones when possible. 1) https://petertodd.org/2016/opentimestamps-git-integration -- https://petertodd.org 'peter'[:-1]@petertodd.org
signature.asc
Description: Digital signature