Hi,

On 22/05/13 16:16, Ludovic Courtès wrote:

> I think it’s enough to sign nars. What do you think it would add to
> sign narinfos as well?

I think it's enough to sign the narinfo, since it contains the hash of the NAR (which Nix already verifies).

Also, rather than having a separate .sig file, the signature could be stored in the narinfo file itself. That would halve the number of HTTP requests.

--
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
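The check order proposed in the message above, as an added example that is not part of the original e-mail and not Nix's code: the signature embedded in the narinfo is verified first, then the NAR is checked against the `NarHash` inside the signed text. The `Sig:` field name, the layout (signature over every byte before the `Sig:` line), Ed25519, the hex hash encoding and all sample values are assumptions of this sketch; the message does not specify a signature scheme.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// narHashLine renders the NarHash field for a NAR (hex encoding chosen for the example).
func narHashLine(nar []byte) string {
	return fmt.Sprintf("NarHash: sha256:%x\n", sha256.Sum256(nar))
}

// sample builds a constructed narinfo and NAR, signed with a fixed test-only key.
func sample() (string, []byte, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed([]byte(strings.Repeat("k", ed25519.SeedSize)))
	nar := []byte("constructed NAR contents")
	body := "StorePath: /nix/store/placeholder-hello\nURL: nar/placeholder.nar\n" + narHashLine(nar)
	// Assumed layout: a trailing "Sig:" line covering every byte before it.
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(body)))
	return body + "Sig: " + sig + "\n", nar, priv.Public().(ed25519.PublicKey)
}

// verify checks the embedded signature first, then the NAR against the signed NarHash.
func verify(narinfo string, nar []byte, pub ed25519.PublicKey) error {
	i := strings.LastIndex(narinfo, "\nSig: ")
	if i < 0 {
		return fmt.Errorf("narinfo carries no signature")
	}
	body := narinfo[:i+1] // the signed bytes, up to and including the newline before "Sig:"
	sig, err := base64.StdEncoding.DecodeString(strings.TrimSpace(narinfo[i+6:]))
	if err != nil || !ed25519.Verify(pub, []byte(body), sig) {
		return fmt.Errorf("narinfo signature invalid")
	}
	// The hash is trusted only because it sits inside the signed body.
	if !strings.Contains("\n"+body, "\n"+narHashLine(nar)) {
		return fmt.Errorf("NAR does not match signed NarHash")
	}
	return nil
}

func main() {
	ni, nar, pub := sample()
	fmt.Println("untouched:", verify(ni, nar, pub))
	fmt.Println("NAR replaced:", verify(ni, []byte("other NAR"), pub))
	fmt.Println("narinfo edited:", verify("StorePath: /x\n"+ni, nar, pub))
}
```

A replaced NAR fails the hash comparison, and rewriting `NarHash` to match it fails the signature check, so one signature and one HTTP request for the narinfo cover both files.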
