[Nix-dev] Announcing: NixOS Security Team, and Request for Comments

Graham Christensen graham at grahamc.com
Fri Jan 6 03:12:58 CET 2017


(cross-posted to nix-dev for discussion.)

Hello Nixians,

This morning the NixOS Security Team was formalized in a PR to the
homepage: https://github.com/NixOS/nixos-homepage/pull/123.

This is now public at https://nixos.org/nixos/security.html.

This information is currently listed as follows:


    Graham Christensen graham at grahamc.com
    GPG Key: 0xFE918C3A98C1030F
    GPG Fingerprint: BA94 FDF1 1DA4 0521 2864 C121 FE91 8C3A 98C1 030F

    Franz Pletz fpletz at fnordicwalking.de
    GPG Key: 0x846FDED7792617B4
    GPG Fingerprint: 8A39 615D CE78 AF08 2E23 F303 846F DED7 7926 17B4

    Domen Kožar domen at dev.si
    GPG Key: 0xC2FFBCAFD2C24246
    GPG Fingerprint: E96C 15A0 8D17 CE3B 17B0 C7AB C2FF BCAF D2C2 4246

    Rob Vermaas rob.vermaas at gmail.com
    GPG Key: 0xE114A5F264A8AE8E
    GPG Fingerprint: 96BF 75A5 3DEE 1F21 5F0C 979C E114 A5F2 64A8 AE8E


At this time, none of us have signed each other's keys. There is some
discussion about this in the pull request (linked above) but basically
it boils down to this:

We do each trust the work and intentions of each other, but this
doesn't necessarily translate into confirmed identity.

Signing keys has a lot of meaning around verifying identity. Until
each of us is able to be in the same room and check identification, we
can't very well assert each other's identities.

This is an effort to preserve the intentions of the web of trust... and
this is where we get to the "request for comments" on how the Nix
community would like for us to proceed on this front.

If you have any opinions or feedback, please feel free to reply to the
nix-dev email list, and _not_ the GitHub issue so as to keep further
conversation on this list. 


Thank you,
Graham Christensen