[Nix-dev] Signed git
Oliver Charles
ollie at ocharles.org.uk
Fri Feb 26 12:16:24 CET 2016
You can only point to something if you can sign that pointer. Just telling
me a narinfo without any more information (that is, signing that) puts us
back to square one.
On Fri, Feb 26, 2016 at 10:06 AM Vladimír Čunát <vcunat at gmail.com> wrote:
> On 02/26/2016 09:55 AM, Oliver Charles wrote:
> > Signed SHAs and the like give us a way to say "I am releasing this
> > version, and you have a way to check that 'I' really said it".
>
> We could point to the corresponding narinfo file. For any package
> there's a signature of the build farm.
>
> That is, assuming the ISOs are copied to the binary cache. I briefly
> looked for the latest 15.09 ones, and they seem not to be there:
> - latest channel revision: 922f03
> - the build: http://hydra.nixos.org/build/32068791#tabs-summary
> - http://cache.nixos.org/95c41wi9dqc1si96d4vhigf0p258s1mr.narinfo
>
> --Vladimir
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160226/115090d9/attachment.html
More information about the nix-dev
mailing list