On Wed, May 22, 2013 at 02:25:38PM -0400, Eelco Dolstra wrote: > On 22/05/13 11:12, Ludovic Courtès wrote: > > > > I was thinking of a simple extension to solve that: > > > > 1a. The /nix-cache-info file would contain an (optional) > > ‘OpenPGPFingerprint’ field, to announce the fingerprint of the > > OpenPGP key used to sign Nars. > > > > 1b. In addition to, or alternatively, a /nix-signing-key file would be > > served, containing the OpenPGP key used to sign Nars. > > > > 2. In addition to serving, say, > > /nar/zwpx7d0sv36fi4xpwqx2dak0axx5nji8-gmp-5.1.1, the server would > > also serve /nar/zwpx7d0sv36fi4xpwqx2dak0axx5nji8-gmp-5.1.1.sig, an > > OpenPGP binary signature of the uncompressed Nar. > > How about: rather than relying on nix-cache-info, nix.conf should specify a > list > of fingerprints of trusted OpenPGP signing keys. Then when we fetch a > .narinfo, > we check whether it is signed by a trusted key. This way you don't have the > problem Lluís described.
Well, if we use gpg, gpg has its own system of trust, too. Or it's about not using gpg? Regards, Lluís. _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
