At Mon, 2 Feb 2015 15:45:31 +0000, Daniel Shahaf wrote: > [ tl;dr: NixOS should sign any code that makes it into users' systems. ] > [...] > I would therefore suggest that NixOS starts signing any code that gets > installed on users' machines, and that Nix should, by default, verify > signature against a set of trusted keys and refuse to install packages > that fail to verify. By comparison, most distros sign everything, from > .iso images onwards. > > Part of this has been implemented: verification of binary packages has > been implemented last year [1], however, it is off by default. (Thanks > to Lethalman on IRC for this information.) > > I'm suggesting that as an interested potential user; I don't run NixOS > at the moment. (And not having signed packages makes it harder for me > to choose it over alternatives.)
I would like to see this too. I do run NixOS. Tim _______________________________________________ nix-dev mailing list [email protected] http://lists.science.uu.nl/mailman/listinfo/nix-dev
