!UUqahLbShAYkkrXmKs:matrix.org

DevOS

33 Members
Seeking help and geeking out together on https://github.com/divnix/devos & https://github.com/divnix/digga10 Servers

Load older messages

SenderMessageTime
17 Aug 2021
@vherrmann:shmerver.de@vherrmann:shmerver.deIt's just that it's easier to mess with binaries15:29:24
@timdeh:matrix.org@timdeh:matrix.orgBecause of the way nix hashes packages, you would only have to trust me if source wasn't available.15:29:29
@vherrmann:shmerver.de@vherrmann:shmerver.debut, whatever15:29:29
@vherrmann:shmerver.de@vherrmann:shmerver.dehm15:29:39
@vherrmann:shmerver.de@vherrmann:shmerver.deyes, with nix it's pretty easy to validate the packages15:30:00
@timdeh:matrix.org@timdeh:matrix.orgif I changed anything, it would change the hash, and it would be a cache miss15:30:08
@vherrmann:shmerver.de@vherrmann:shmerver.deBut for that i would have to build them, or not?15:30:12
@vherrmann:shmerver.de@vherrmann:shmerver.deor no, as long as i trust cachix, i don't have to trust you, am i right?15:30:43
@timdeh:matrix.org@timdeh:matrix.orgno15:30:47
@vherrmann:shmerver.de@vherrmann:shmerver.deso, you're saying i have to trust you?15:31:25
@vherrmann:shmerver.de@vherrmann:shmerver.dehm15:33:15
@vherrmann:shmerver.de@vherrmann:shmerver.dewell anyways…15:33:33
@vherrmann:shmerver.de@vherrmann:shmerver.dethere are millions of other security issues with my setup15:34:06
@vherrmann:shmerver.de@vherrmann:shmerver.de(Just like most setups have millions of security issues)15:37:57
@timdeh:matrix.org@timdeh:matrix.orgno I'm not15:38:10
@timdeh:matrix.org@timdeh:matrix.orgI'm saying if I changed anything, it would be a cache miss15:38:23
@timdeh:matrix.org@timdeh:matrix.org(for you)15:38:33
@timdeh:matrix.org@timdeh:matrix.orgso if I take package A from DevOS and secretly modify a line, and upload the result in cachix, and then you come and download package A from DevOS, you will not download my modified version, because my version has a different hash, which without the source, you can't even calculate.15:39:32
18 Aug 2021
@blaggacao:matrix.orgDavid Arnold (blaggacao)
In reply to @vherrmann:shmerver.de
So its opt-out and not opt-in
The config settings you refer to are opt-in. You will be explicitly asked by the cli if you trust them, and if you want to record that decision for future invokations. 		00:02:55
@ultranix:matrix.orgultranixthat would be.. opt in04:41:28
@vherrmann:shmerver.de@vherrmann:shmerver.delol, i forgot that05:17:58
@vherrmann:shmerver.de@vherrmann:shmerver.de:S05:27:45
@timdeh:matrix.org@timdeh:matrix.orgno worries 😅17:28:54
19 Aug 2021
@gromzly:fullthese.website@gromzly:fullthese.website joined the room.14:40:59
@blaggacao:matrix.orgDavid Arnold (blaggacao) I made the nix-patch overlay use the latest version of nix & that also should save us for a while w.r.t. the follows patch.... 23:29:24
@blaggacao:matrix.orgDavid Arnold (blaggacao)https://github.com/divnix/digga/commit/2c5953f284690a89bfd472418141e3afea2dcf5d23:29:25
20 Aug 2021
@blaggacao:matrix.orgDavid Arnold (blaggacao)So do we abolish the all profile tests then?01:17:20
@blaggacao:matrix.orgDavid Arnold (blaggacao)[Poll] Agree 0. yes 1. maybe01:17:45
@blaggacao:matrix.orgDavid Arnold (blaggacao)😁01:17:48
@blaggacao:matrix.orgDavid Arnold (blaggacao)0. yes01:18:00

Show newer messages

Back to Room ListRoom Version: 6