[Nix-dev] [yui at cock.li: Re: Malicious installation methods]

Eelco Dolstra eelco.dolstra at logicblox.com
Fri Jun 17 16:26:46 CEST 2016


Hi,

On 06/17/2016 03:56 PM, Yui Hirasawa wrote:

> HTTPS is not a verified channel. Our current CA system is really fragile

It is, but it works a lot better than the PGP web of trust in that it doesn't
require people to get together to engage in quaint key signing rituals.

> Here is a quote from the #nix channel: 
> 
>> kmicu: Tsutsukakushi: I told ya so… security is not a priority here.

Cargo cult security is not a priority. I wouldn't worry about "curl | bash" but
not the giant binary tarball downloaded and executed by that script (or
equivalently, installing a binary RPM or Deb package). Signing the installer
script would provide only a minor increase in security (in that it would require
the signing key to be compromised, rather than the nixos.org certificate). I
don't object to doing that though.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/

