[Nix-dev] [yui at cock.li: Re: Malicious installation methods]

Kevin Cox kevincox at kevincox.ca
Fri Jun 17 16:34:08 CEST 2016


On 17/06/16 10:26, Eelco Dolstra wrote:
> 
> Cargo cult security is not a priority. I wouldn't worry about "curl | bash" but
> not the giant binary tarball downloaded and executed by that script (or
> equivalently, installing a binary RPM or Deb package). Signing the installer
> script would provide only a minor increase in security (in that it would require
> the signing key to be compromised, rather than the nixos.org certificate). I
> don't object to doing that though.
> 

I generally agree with this. I think moving the whole system to offline
signing would be nice but I don't think it's very urgent.

Another advantage of moving away from the CA system is that the CA
system can be bypassed if any of hundreds (thousands?) of CAs are
compromised, or if the Nix servers are compromised. Whereas if it is an
"offline" key (even if it's an online PGP key it would be better), there
is a single, more difficult attack surface.

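The "signed installer script" pattern the thread weighs against plain "curl | bash", as an added example that is not code from the thread or from the Nix project: the script is checked against a pinned public key before anything is passed to sh, so a download altered on the server or via a mis-issued certificate is refused. It uses openssl in place of PGP so it runs offline, with a throwaway key pair standing in for the project's offline signing key and a constructed install.sh as the installer; all paths are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original thread. Assumes openssl is on PATH.

# Verify $1 (installer script) against $2 (detached RSA-SHA256 signature)
# using the pinned public key $3. Returns 0 only for a valid signature and
# never executes the script itself.
verify_installer() {
    openssl dgst -sha256 -verify "$3" -signature "$2" "$1" >/dev/null 2>&1
}

# Replacement for "curl | bash": run the script only after it verifies.
# The trust anchor is the pinned key, not whichever CA signed the TLS cert.
verified_run() {
    if verify_installer "$1" "$2" "$3"; then
        sh "$1"
    else
        echo "refusing to run $1: signature check failed" >&2
        return 1
    fi
}

# Build a self-contained demo directory: a throwaway key pair (stand-in for
# the project's offline signing key), a constructed installer and its
# detached signature. Prints the directory path.
setup_demo() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/priv.pem" 2>/dev/null
    openssl pkey -in "$dir/priv.pem" -pubout -out "$dir/pub.pem" 2>/dev/null
    printf 'echo "installing (constructed sample installer)"\n' > "$dir/install.sh"
    openssl dgst -sha256 -sign "$dir/priv.pem" \
        -out "$dir/install.sh.sig" "$dir/install.sh"
    echo "$dir"
}

# Stand-alone walk-through: a genuine download runs, a modified one is refused.
DEMO=$(setup_demo)
verified_run "$DEMO/install.sh" "$DEMO/install.sh.sig" "$DEMO/pub.pem"
printf 'echo "extra line a compromised mirror might append"\n' >> "$DEMO/install.sh"
verified_run "$DEMO/install.sh" "$DEMO/install.sh.sig" "$DEMO/pub.pem" || true
```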

