| *** Gautham <Gautham!~Gautham@117.204.159.140> has left #libre-soc | 06:44 | |
| Las[m] | lkcl: https://github.com/ngi-nix/rfcs/blob/sign-commits/rfcs/0000-sign-commits.md | 12:09 |
|---|---|---|
| lkcl | Las[m], funny isn't it. people complain, "debian is s***, debian is s***" and only when they actually try to replicate - in full - the complete functionality and ecosystem, is there one of those quiet pause "ah." pause moments of reflection | 12:19 |
| lkcl | btw, GPG-signing of commits should not be conflated with package source signing | 12:37 |
| lkcl | the two are unrelated. | 12:38 |
| Las[m] | Yeah, the sources of packages are not checked for signatures right now. That would require a separate system that would be done in quite a different way, since it's not a problem core to Nix, just a problem with Nixpkgs. | 12:39 |
| lkcl | a big plus of mandatory commit signing is that the next stage - individual package source and individual package binary signing - is not a big deal | 12:50 |
| lkcl | nor is establishing a web-of-trust | 12:50 |
| lkcl | both are like, "pffh, well we already have everyone signing commits, so pffh" | 12:51 |
Generated by irclog2html.py 2.17.1 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!