[Nix-dev] Malicious installation methods

Yui Hirasawa yui at cock.li
Sun Jun 19 11:44:16 CEST 2016


> [1] Alright, it's better than nothing. In fact, quite a lot better than
> nothing, but what you really want is signing of everything in the trust
> chain. A *possible* way around this would be if the installer script
> were to have embedded/hardcoded (crypto-secure) hashes and would fetch
> things only via URLs containing those hashes. That'd at least be
> *something*.

If you sign the script and it contains, say, sha512sums for the things it
pulls, you don't have to sign them separately. It's similar to how many
distributions only distribute one file with all the sums that is signed.
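
The scheme described in this message, as an added example that is not part of the original post or of the Nix installer: the digests are pinned inside the script, so the one signature checked on the script before it runs also covers every artifact it pulls. The function names, file paths and the sample digest (SHA-512 of the three bytes "abc") are assumptions made for illustration.

```shell
#!/bin/sh
# Pinned SHA-512 digest of an artifact the installer pulls. Because it is
# part of the script text, a signature over the script covers it too.
# Constructed sample value: SHA-512 of the three bytes "abc".
PINNED_PAYLOAD_SHA512="ddaf35a193617abacc417349ae20413112e6fa4e89a97ea20a9eeee64b55d39a2192992a274fc1a836ba3c23a3feebbd454d4423643ce80e2a9ac94fa54ca49f"

# sha512_of FILE: print the lowercase hex SHA-512 digest of FILE.
sha512_of() {
    sha512sum "$1" | cut -d' ' -f1
}

# verify_pinned FILE EXPECTED
# Returns 0 if FILE hashes to EXPECTED, 1 on mismatch, 2 if FILE is missing.
verify_pinned() {
    [ -f "$1" ] || return 2
    actual=$(sha512_of "$1") || return 2
    [ "$actual" = "$2" ]
}

# install_artifact FILE EXPECTED DEST
# FILE is an already-downloaded artifact. It is moved to DEST only after the
# digest check passes; on mismatch it is deleted and nothing is installed.
install_artifact() {
    if verify_pinned "$1" "$2"; then
        mv "$1" "$3"
    else
        rm -f "$1"
        echo "hash mismatch for $1, refusing to install" >&2
        return 1
    fi
}
```

In a real installer the file passed to `install_artifact` would be the download target, and the check runs before anything from that file is unpacked or executed.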

