[Nix-dev] Authenticating binary substitutes
Eelco Dolstra
eelco.dolstra at logicblox.com
Wed May 22 22:40:58 CEST 2013
Hi,
On 22/05/13 16:16, Ludovic Courtès wrote:
> I think it’s enough to sign nars. What do you think it would add to
> sign narinfos as well?
I think it's enough to sign the narinfo, since it contains the hash of the NAR
(which Nix already verifies).
Also, rather than having a separate .sig file, the signature could be stored in
the narinfo file itself. That would halve the number of HTTP requests.
--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
More information about the nix-dev
mailing list