[Nix-dev] Malicious installation methods

[Yui Hirasawa]

> Like already said before, detecting if a user run a curl-pipe-bash and
> injecting a malicious binary on the fly is rather trivial to do compared
> to compromise the nixos website itself, and create a phising to fake
> both the tarball and the displayed hash.

Hash would only ensure that there is no corruption en route, but we
already have that since most TLS ciphersuites are authenticated... gotta
check nixos.org ciphersuites.