[Nix-dev] Sidestepping the community builds trust issue?
Tim Barbour
trb at categorical.net
Fri Dec 25 22:48:15 CET 2015
I agree there is no conflict between your proposal and my suggestion.
The reason I mentioned it is that I do not like the idea of relying on
a single trusted party for security (to whic your proposal makes no
difference, because the trusted party will control all build
machines). If someone (use your imagination) wanted to be able to gain
access to any nixos machine, they would be tempted to compromise the
centrally controlled builds.
Therefore I think we should encourage people to run build systems,
whether centrally controlled or not.
Tim
More information about the nix-dev
mailing list