On 17/06/16 10:26, Eelco Dolstra wrote:
> Cargo cult security is not a priority. I wouldn't worry about "curl | bash" but
> not the giant binary tarball downloaded and executed by that script (or
> equivalently, installing a binary RPM or Deb package). Signing the installer
> script would provide only a minor increase in security (in that it would require
> the signing key to be compromised, rather than the nixos.org certificate). I
> don't object to doing that though.
I generally agree with this. I think moving the whole system to offline signing would be nice, but I don't think it's very urgent. Another advantage of moving away from the CA system is that the CA system can be bypassed if any of hundreds (thousands?) of CAs are compromised, or if the Nix servers are compromised. Whereas if it is an "offline" key (even an online PGP key would be better), there is a single, more difficult attack surface.
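As an added illustration of the "pinned signing key instead of the CA system" point above (example code, not from this thread or from the Nix project), a wrapper that downloads the installer script and its detached OpenPGP signature to disk, accepts the script only if gpg reports a valid signature from one pinned key fingerprint, and only then runs it. The URLs and the fingerprint are placeholders; the pinned key is assumed to already be in the local keyring.

```shell
# Placeholder values, not real project URLs or a real key fingerprint.
INSTALLER_URL="https://example.invalid/install"
SIGNATURE_URL="https://example.invalid/install.sig"
PINNED_FPR="0000000000000000000000000000000000000000"

# gpg's exit status alone only says "some key in the keyring made a good
# signature". Parse its machine-readable --status-fd output and accept only
# a VALIDSIG line whose fingerprint (field 3) equals the pinned one, so a
# stray or attacker-supplied key in the keyring is not enough.
signed_by_pinned_key() {
  status_output="$1"
  pinned="$2"
  printf '%s\n' "$status_output" | awk -v fpr="$pinned" '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" && $3 == fpr { ok = 1 }
    END { exit ok ? 0 : 1 }'
}

# Download to a temporary directory rather than piping into sh, so the bytes
# that were verified are exactly the bytes that get executed.
verify_and_run() {
  tmp=$(mktemp -d) || return 1
  if curl -fsSL -o "$tmp/install" "$INSTALLER_URL" \
     && curl -fsSL -o "$tmp/install.sig" "$SIGNATURE_URL" \
     && status=$(gpg --batch --status-fd 1 --verify \
                   "$tmp/install.sig" "$tmp/install" 2>/dev/null) \
     && signed_by_pinned_key "$status" "$PINNED_FPR"; then
    sh "$tmp/install"
    rc=$?
  else
    echo "refusing to run installer: no valid signature from pinned key" >&2
    rc=1
  fi
  rm -rf "$tmp"
  return "$rc"
}
```

Note that this only moves the trust anchor to the installer script itself; the tarball that script fetches still needs its own check, which is the point the quoted message makes.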
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
