[Nix-dev] Binary trust
Vladimír Čunát
vcunat at gmail.com
Thu Apr 16 23:58:49 CEST 2015
On 04/16/2015 10:41 PM, Kirill Elagin wrote:
> That’s not cool at all.
>
> An easy way would be to force TLS.
> Another option could be to sign NARs with a certificate tied to the
> hostname of the trusted binary cache and issued by a special
> NixOS/Nixpkgs CA.
For the state of signing NARs see discussion at
https://github.com/NixOS/nix/issues/75
Vladimir
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3251 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.science.uu.nl/pipermail/nix-dev/attachments/20150416/fdf189f6/attachment-0001.bin
More information about the nix-dev
mailing list