lkcl: Las[m], funny isn't it. people complain, "debian is s***, debian is s***" and only when they actually try to replicate - in full - the complete functionality and ecosystem, is there one of those quiet pause "ah." pause moments of reflection [12:19]
lkcl: btw, GPG-signing of commits should not be conflated with package source signing [12:37]
lkcl: the two are unrelated. [12:38]
Las[m]: Yeah, the sources of packages are not checked for signatures right now. That would require a separate system that would be done in quite a different way, since it's not a problem core to Nix, just a problem with Nixpkgs. [12:39]
lkcl: a big plus of mandatory commit signing is that the next stage - individual package source and individual package binary signing - is not a big deal [12:50]
lkcl: nor is establishing a web-of-trust [12:50]
lkcl: both are like, "pffh, well we already have everyone signing commits, so pffh" [12:51]

