Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Force highest TLS version supported #1716

Merged
merged 1 commit into from
Mar 26, 2019
Merged

Force highest TLS version supported #1716

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions rustup-init.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -376,9 +376,9 @@ downloader() {
if [ "$1" = --check ]; then
need_cmd "$_dld"
elif [ "$_dld" = curl ]; then
curl -sSfL "$1" -o "$2"
curl --proto =https --tlsv1.2 --silent --show-error --fail --location "$1" --output "$2"
kinnison marked this conversation as resolved.
Show resolved Hide resolved
elif [ "$_dld" = wget ]; then
wget "$1" -O "$2"
wget --https-only --secure-protocol=TLSv1_2 "$1" -O "$2"
else
err "Unknown downloader" # should not reach here
fi
Expand Down
2 changes: 1 addition & 1 deletion www/index.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
then follow the onscreen instructions.
</p>
<p>If you're a Windows Subsystem for Linux user run the following in your terminal, then follow the onscreen instructions to install Rust.</p>
<pre>curl https://sh.rustup.rs -sSf | sh</pre>
<pre>curl --proto =https --tlsv1.2 -sSf https://sh.rustup.rs | sh</pre>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could this be left as it was? This is just intended to be a quick one-liner copy/paste snippet and expanding with so many options can be pretty intimidating as a copy/paste snippet. Does this really add enough benefit relative to what it's displaying on the site?

Copy link
Author

@sanmai-NL sanmai-NL Apr 26, 2019
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You are expressing certain feelings towards this without backing them up with a UX study. I am sad you prioritize the length of an already technical one-liner over the clear and specified security improvement. I think it is instead a good signal that in the Rust ecosystem, security is taken seriously.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Certainly the display isn't as good as it used to be. We could use web techniques to hide the extra arguments from the display but include them in the copy/paste, and provide a copy-command-to-clipboard button which puts it all there, for ease of use?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why would that be important?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Currently the box requires scrolling, and people are more likely to fail to copy the whole command than not. While I personally dislike the narrow styling, I understand why it's there so would prefer to maintain it over trying to do better myself. If someone else could make it work somehow then that'd be good too.

<p class="other-platforms-help">You appear to be running Windows 32-bit. If not, <a class="default-platform-button" href="#">display all supported installers</a>.</p>
</div>

Expand Down