Remove signed-binary-caches as the default for require-sigs
This was for backward compatibility. However, with security-related configuration settings, it's best not to have any confusion. Issue #495.
This commit is contained in:
parent
98f3c75a0e
commit
e09161d05c
|
@ -287,10 +287,7 @@ public:
|
|||
Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
|
||||
"How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};
|
||||
|
||||
Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
|
||||
"Obsolete."};
|
||||
|
||||
Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs",
|
||||
Setting<bool> requireSigs{this, true, "require-sigs",
|
||||
"Whether to check that any non-content-addressed path added to the "
|
||||
"Nix store has a valid signature (that is, one signed using a key "
|
||||
"listed in 'trusted-public-keys'."};
|
||||
|
|
Loading…
Reference in a new issue