{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreifyobwnafuley5zyun7qem4tdamvxn63yhp3ws6dgg2qttwsto3xe",
"uri": "at://did:plc:ivbknywyskln22er3nkssdhl/app.bsky.feed.post/3mkmbfmrcs342"
},
"path": "/t/easily-inspect-dependencies/24200#post_9",
"publishedAt": "2026-04-29T03:21:25.000Z",
"site": "https://internals.rust-lang.org",
"tags": [
"security/threat-model"
],
"textContent": "I've just realized that I _might_ have changed the security/threat-model, so my argument _might_ be fallacious in some way (or it's _not yet_ fallacious). Previously, my threat model assumed the registry is safe but the publishers might not be. But after I said\n\nRudxain:\n\n> \"web-view\" of a file _might_ not match the version downloaded through other means\n\nI changed the threat-model to \"not even the registry can be trusted\". Or maybe the model was always that, but only now I'm making it explicit?\n\nI'm pointing this out so that we're all on the same page, and because there's no explicit consensus (yet) on what the threat-model ought to be.\n\nThis is both a clarification and a question.",
"title": "Easily inspect dependencies"
}