Description
Currently, out of all Linux distributions, only Arch Linux has a method for installing rustup via a package manager, and the recommended method is to use a copy/pasted `curl | bash`. There has been some discussion as to whether this is a security problem. I contend that it is, because even with an SSL-encrypted website as the source for the copy/paste, a quick-thinking social engineer in physical proximity to a target could cause havoc by running Moxie's SSLStrip, hijacking the redirect, and changing the URL being `curl`'d, effectively giving arbitrary code not only execution but execution with user trust.
I would like to gauge interest in creating self-installer packages for more mainstream distributions such as Debian (Ubuntu, Mint, etc.), Fedora/Red Hat, and SUSE - that is, either amending rustup so that it can update itself in a safe and transactional way, or creating a rustup-up (so to speak) that is capable of doing so, and packaging that installer. This would allow inclusion in traceable installation infrastructure, which would solve the security issue, and allow the project to avoid the apparent stagnation that Arduino and other rapidly moving projects have faced.
If there is interest in this proposal, I'd be more than happy to work on it this summer; my school semester ends soon, and I would love to put my time to good use.
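
An added example, not part of the original post and not rustup's own installer: a fetch-then-verify wrapper that addresses the redirect-stripping risk described above by refusing any non-HTTPS URL or redirect and running the script only if it matches a pinned SHA-256. The function names, the URL and the digest passed to `safe_install` are assumptions; the digest would have to come from a trusted channel such as a signed distribution package.

```shell
# Added example. URL and expected digest are supplied by the caller and are
# assumed to come from a trusted, out-of-band source.

# Succeeds only for https:// URLs, so a link rewritten to http:// by a
# stripping proxy is rejected before any request is made.
is_https_url() {
    case "$1" in
        https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the lowercase SHA-256 hex digest of a file.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Succeeds only if the file exists and its digest equals the pinned value.
verify_sha256() {
    [ -f "$1" ] || return 1
    [ "$(sha256_of "$1")" = "$2" ]
}

# Downloads to a temp file, verifies, and only then executes.
# Return codes: 2 = non-https URL, 3 = download failed, 4 = digest mismatch.
safe_install() {
    url=$1
    expected=$2
    is_https_url "$url" || { echo "refusing non-https URL: $url" >&2; return 2; }
    tmp=$(mktemp) || return 1
    # --proto and --proto-redir pin the request and every redirect to https.
    if ! curl --proto '=https' --proto-redir '=https' --tlsv1.2 -fsS -o "$tmp" "$url"; then
        rm -f "$tmp"; return 3
    fi
    if ! verify_sha256 "$tmp" "$expected"; then
        echo "digest mismatch, not running installer" >&2
        rm -f "$tmp"; return 4
    fi
    sh "$tmp"; rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Because the script is written to disk and checked before `sh` sees it, a truncated or substituted download fails the digest check instead of executing partially.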