On Fri, 17 Jun 2016 at 15:19 Yui Hirasawa <y...@cock.li> wrote:

> >>> Like already said before, detecting if a user runs a curl-pipe-bash and
> >>> injecting a malicious binary on the fly is rather trivial to do compared
> >>> to compromising the nixos website itself, and creating a phishing to fake
> >>> both the tarball and the displayed hash.
> >>
> >> Hash would only ensure that there is no corruption en route, but we
> >> already have that since most TLS ciphersuites are authenticated... gotta
> >> check nixos.org ciphersuites.
> >
> > I wonder if something like this would be better perceived:
> > ...
>
> No. Just verifying a hash isn't good enough. Instead the script should
> come with a detached PGP signature.
>

The second argument could alternatively be a GPG fingerprint then. It
wouldn't protect the user from a downgrade attack though.

> Did you reply to me out of the list on purpose?
>

Not on purpose. I believe it went both to you and the list though.
_______________________________________________
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev
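
The fingerprint-as-second-argument idea from the reply above, as an added example that is not part of the original thread or of the Nix installer: the downloaded script runs only if its detached signature verifies under a pinned full fingerprint. The function names, the sample fingerprint and the sample status lines are constructed for illustration, and the signing key is assumed to be in the local keyring already.

```shell
#!/bin/sh
# Constructed sample of what `gpg --status-fd 1 --verify` prints for a good
# signature. The fingerprint and signer are made up for this example.
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2016-06-17 1466176740 0 4 0 1 8 00 $SAMPLE_FPR"

# fpr_matches STATUS PINNED_FPR
# Succeeds only if STATUS reports a good, unexpired, unrevoked signature whose
# signing key (field 3 of VALIDSIG) or primary key (last field) is PINNED_FPR.
fpr_matches() {
    want=$(printf '%s' "$2" | tr -d ' ' | tr 'a-f' 'A-F')
    # Require a full 40-hex-digit fingerprint; short key IDs can collide.
    case "$want" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#want}" -eq 40 ] || return 1
    # VALIDSIG alone is not enough: gpg also emits it next to EXPKEYSIG or
    # REVKEYSIG, so require GOODSIG and reject any expired/revoked/bad marker.
    printf '%s\n' "$1" | awk -v want="$want" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        $2 == "BADSIG" || $2 == "EXPSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" && ($3 == want || $NF == want) { pinned = 1 }
        END { exit (good && pinned && !bad) ? 0 : 1 }'
}

# verify_and_run SCRIPT SIG PINNED_FPR
# Verifies the detached signature SIG over the already-downloaded SCRIPT and
# runs SCRIPT only when the signer matches the pinned fingerprint.
verify_and_run() {
    status=$(gpg --batch --status-fd 1 --verify "$2" "$1" 2>/dev/null) || return 1
    fpr_matches "$status" "$3" || return 1
    sh "$1"
}
```

This check accepts any script the pinned key has ever signed, including an old one, which is the downgrade gap mentioned in the reply.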
