[Nix-dev] fetchgit - why sha256 protection?
Marc Weber
marco-oweber at gmx.de
Mon Nov 19 11:25:38 CET 2012
Excerpts from Eelco Dolstra's message of Mon Nov 19 11:01:39 +0100 2012:
> No, because Nix's fixed-output derivation feature requires a md5/sha1/sha256
> hash of the expected contents.
I know what the current implementation requires. Just wondering whether
this should be relaxed for git (like) VCS sources, because they
naturally have a hash.
I mean why run nix-prefetch git if using url and git commit hash could
be enough? If you don't trust builders, fetching git sources is that
common that it could even be built into the nix tool.
My goal is to simplify installing packages from other sub universes such
as ruby.
Marc Weber
More information about the nix-dev
mailing list