On 22 July 2012 15:45, Marc Weber <[email protected]> wrote: > And trusting the nix store hash sums (nix-store --verify > --check-contents) is not safe either - because the database could have > been compromised (then the attacker would know nixos very well).
One can do it like in git: if you have one SHA for the state of the whole system, then you can verify it and even human-remember this number (e.g. in bubble-babble). Or you can sign it and verify via some chain of authorities (but the root authority stored could be compromised). Vlada _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
