Re: [Nix-dev] Announcing: NixOS Security Team, and Request for Comments

Hi, great to see this initiative, thanks! (I’m personally extremely busy so I missed the forming thread in early December). At the Flying Circus we’re currently a bit behind (still running on 15.09) but are going to move to a newer version soon. We’re spending quite a bit of time reviewing

Re: [Nix-dev] Announcing: NixOS Security Team, and Request for Comments

On Fri, Jan 6, 2017 at 11:01 AM, zimbatm wrote: > In relation to GPG key signing, I think it's safe to trust online > identities it they are established trough enough channels. That's basically > what keybase.io is doing, they are a point of contact but the proof of >

Re: [Nix-dev] Announcing: NixOS Security Team, and Request for Comments

In relation to GPG key signing, I think it's safe to trust online identities it they are established trough enough channels. That's basically what keybase.io is doing, they are a point of contact but the proof of identity is distributed on multiple services. Personal verification is just another

[Nix-dev] Announcing: NixOS Security Team, and Request for Comments

(cross-posted to nix-dev for discussion.) Hello Nixians, This morning the NixOS Security Team was formalized in a PR to the homepage: https://github.com/NixOS/nixos-homepage/pull/123. This is now public at https://nixos.org/nixos/security.html. This information is currently listed as follows: