I’m looking to base one of my startup projects on Rust, and one of the first things to do is making sure of everything can be mirrored locally. This includes the Rust distribution itself, obviously; I’d like to freely pin any version of Rust and/or Cargo should any need for that raise, and preferably rustup too, as they’re distributed essentially the same way. However, it seems nothing is being done in this direction, and I’d like to bring this matter up for discussion.
Mirrors can be essential to any large-scale deployment scenario, especially ones that sit behind a firewall; for some of us living in areas with limited global connectivity mirrors even become the only means of access. For example in many parts of China the Amazon S3 connectivity is painfully slow, or blocked entirely; developers there can’t get Rust without jumping through hoops and it certainly hurts adoption. (As a side note, I live in university campus and the connectivity here is excellent. So you may or may not hear complaints about the Chinese GFW from any Chinese individual, just that people connect from different places and stupidities across the different GFW operators are varied too.)
The various distribution addresses are all hard-coded presently. It shouldn’t be very hard to extend the related tooling to accept mirror addresses too, and simply use that as a base for constructing the full address. Because the layout should be all consistent across mirrors, and all content is static and signed, there should be no breakage and the actual work should be easy and minimal.
One blocker remains, though, and that’s proper sign verification during install; I remember seeing this brought up on the rustup 1.0 release, and a proper solution is postponed IIRC. But maybe we can start preparing for all of this to happen and come up with a plan.
Your opinions and comments are welcome!