[Nix-dev] Signed git

Oliver Charles ollie at ocharles.org.uk
Fri Feb 26 09:55:12 CET 2016


I don't think S3 is looking for accountability but reproducibility. With
nothing signed it's unclear what you should really be expecting for the
release ISOs. Signed SHAs and the like give us a way to say "I am releasing
this version, and you have a way to check that 'I' really said it".

On Fri, Feb 26, 2016 at 8:51 AM Vladimír Čunát <vcunat at gmail.com> wrote:

> On 02/26/2016 08:19 AM, S3 wrote:
> > So, as far as I can tell, nothing is signed.
>
> The binary caches are signed by the build farm, i.e. the mapping from
> expressions to binaries is "safe". That's probably the only signing ATM.
> For transporting nix expressions we offer https.
>
> Disclaimer: I'm no security expert. And I dislike giving a false feeling
> of security.
>
> Note that we have >70 people with push access to nixpkgs. Those are
> random people who contributed larger parts of useful stuff. Even if we
> did sign by a single key that you presumably trust, that person really
> wouldn't be able to guarantee that the contents haven't been tampered with.
>
> Getting everyone to sign their commits would give us accountability in case
> some of us did something malicious (or github). Would that be a
> significant improvement? I'm not certain, but we might do it as the next
> step.
>
> --Vladimir
>
>
> _______________________________________________
> nix-dev mailing list
> nix-dev at lists.science.uu.nl
> http://lists.science.uu.nl/mailman/listinfo/nix-dev
>