The Rust team is aware of this possibility, and is guarding against it by keeping a log of checksums and source git revisions for the various versions of the compiler, so that compilers downloaded from the net can be checked, and we could, if something dodgy is found, back-track to a known trusted version of the compiler (or even all the way back to the OCaml bootstrap compiler, though that'd be a lot of work).
It is theoretically possible that someone manages to sneak in a commit that adds an exploit to the compiler, but since patches are reviewed, that is not terribly likely to succeed. Also, Rust is a small target still, and it would be a marvelous feat of engineering to install a functioning exploit in a compiler that is being overhauled and changed all the time. _______________________________________________ Rust-dev mailing list [email protected] https://mail.mozilla.org/listinfo/rust-dev
