Re: [Nix-dev] Question on package signing and security?

2016-03-28 Thread Vladimír Čunát
Simply said, the binary products are signed by the build farm but nothing else is. (commits, etc.)

--Vladimir

Re: [Nix-dev] Question on package signing and security?

2016-03-28 Thread Daniel Peebles
There's also some discussion on the scope of signatures here: https://github.com/NixOS/nix/issues/613

On Mon, Mar 28, 2016 at 9:15 AM, Thomas Hunger wrote:
> The manual has some info:
>
> https://nixos.org/nix/manual/#operation-generate-binary-cache-key
>
> It's a fairly

Re: [Nix-dev] Question on package signing and security?

2016-03-28 Thread Thomas Hunger
The manual has some info:

https://nixos.org/nix/manual/#operation-generate-binary-cache-key

It's a fairly straightforward private / public signing scheme. There's an example on how to verify integrity in the manual as well:

https://nixos.org/nix/manual/#examples-23

~

On 28 March 2016 at

[Nix-dev] Question on package signing and security?

2016-03-28 Thread Matthias Beyer
Hi,

How is package signing done by nix and how does it work for nixpkgs/nixos? I'm searching for resources on this because of my bachelor's thesis and I'm not quite sure nix already does signing and the like.

So all the "big" package managers (apt, yum, pacman, ...) do some gpg foo to sign