On 04/16/2015 10:41 PM, Kirill Elagin wrote:
That’s not cool at all.An easy way would be to force TLS. Another option could be to sign NARs with a certificate tied to the hostname of the trusted binary cache and issued by a special NixOS/Nixpkgs CA.
For the state of signing NARs see discussion at https://github.com/NixOS/nix/issues/75 Vladimir
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ nix-dev mailing list nix-dev@lists.science.uu.nl http://lists.science.uu.nl/mailman/listinfo/nix-dev
