|
| 1 | +--- |
| 2 | +layout: post |
| 3 | +title: "Announcing Rustup 1.25.2" |
| 4 | +author: The rustup working group |
| 5 | +--- |
| 6 | + |
| 7 | +The rustup working group is announcing the release of rustup version 1.25.2. |
| 8 | +Rustup is the recommended tool to install Rust, a programming language that is |
| 9 | +empowering everyone to build reliable and efficient software. |
| 10 | + |
| 11 | +If you have a previous version of rustup installed, getting rustup 1.25.2 is as |
| 12 | +easy as stopping any programs which may be using Rustup (e.g. closing your IDE) |
| 13 | +and running: |
| 14 | + |
| 15 | +``` |
| 16 | +rustup self update |
| 17 | +``` |
| 18 | + |
| 19 | +Rustup will also automatically update itself at the end of a normal toolchain |
| 20 | +update: |
| 21 | + |
| 22 | +``` |
| 23 | +rustup update |
| 24 | +``` |
| 25 | + |
| 26 | +If you don't have it already, you can [get rustup](https://rustup.rs/) from the |
| 27 | +appropriate page on our website. |
| 28 | + |
| 29 | +## What's new in rustup 1.25.2 |
| 30 | + |
| 31 | +This version of rustup fixes a warning incorrectly saying that signature |
| 32 | +verification failed for Rust releases. The warning was due to a dependency of |
| 33 | +Rustup including a time-based check preventing the use of SHA-1 from February |
| 34 | +1st, 2023 onwards. |
| 35 | + |
| 36 | +Unfortunately Rust's release signing key uses SHA-1 to sign its subkeys, which |
| 37 | +resulted in all signatures being marked as invalid. Rustup 1.25.2 temporarily |
| 38 | +fixes the problem by allowing again the use of SHA-1. |
| 39 | + |
| 40 | +## Why is signature verification failure only a warning? |
| 41 | + |
| 42 | +Signature verification is currently an experimental and incomplete feature |
| 43 | +included in rustup, as it's still missing crucial features like key rotation. |
| 44 | +Until the feature is complete and ready for use, its outcomes are only |
| 45 | +displayed as warnings without a way to turn them into errors. |
| 46 | + |
| 47 | +This is done to avoid potentially breaking installations of rustup. Signature |
| 48 | +verification will error out on failure only after the design and implementation |
| 49 | +of the feature will be finished. |
| 50 | + |
| 51 | +## Thanks |
| 52 | + |
| 53 | +Thanks again to all the contributors who made rustup 1.25.2 possible! |
| 54 | + |
| 55 | + * Daniel Silverstone (kinnison) |
| 56 | + * Pietro Albini (pietroalbini) |
0 commit comments