Rewrite deprecation of old binaries
Currently it checks with the verification token described here: https://gitlab.com/df_storyteller/df-storyteller/-/blob/02957d0edf36249943d699346219a5f93abc83b5/docs/security.md#update-checking But this can be rewritten using a active verification server.
The dependencies can be embedded in the binary using: https://github.com/Shnatsel/rust-audit Then the tool extract this data and transforms it into json using: https://docs.rs/auditable-serde/0.1.0/auditable_serde/#basic-usage It sends this to the server and server checks all the dependencies using: https://crates.io/crates/rustsec If everything is okay it will send a signed token to the client that is stored locally. This token can then be used until it expires and has to be rechecked.
- Duration before token expires (locally)
- Interval the server updates its DB cache.
- Trusted public keys and trusted URL's in application.
Link to other write-up: https://github.com/RustSec/advisory-db/issues/413