On 1/23/20 8:06 PM, Charles Duffy wrote: > A potentially unforeseen consequence: > > At present, it is possible (albeit with use of tools that aren't as of > present date publicly released, something I hope to change in the future) > to use the Nix build system to build Arch packages (with some caveats, but > generally manageable ones for folks who don't need these packages to be > what Nix calls "pure"). > > Nix identifies downloaded content by hash -- only build-time processes > which can state a cryptographically strong checksum of their intended > output prior to time of invocation are allowed to connect to the internet > during the build process itself. cksum is not supported by Nix, whereas the > other checksums supported by Arch are. > > Thus, moving to cksum -- quite aside from other concerns, which have been > argued outside this thread -- would encourage an increased proportion of > Arch packages not be buildable by Nix. Wait... does that mean Nix considers md5 to be "cryptographically strong"? o_O
-- Eli Schwartz Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
