From 175935e053dc153901673ab711a4359da80eec16 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Thu, 19 Feb 2015 14:10:33 +0100 Subject: [PATCH] FIXMEs --- scripts/download-from-binary-cache.pl.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in index 4655f9ac9..bb63eafca 100644 --- a/scripts/download-from-binary-cache.pl.in +++ b/scripts/download-from-binary-cache.pl.in @@ -54,6 +54,10 @@ sub isTrue { return $x eq "true" || $x eq "1"; } +# FIXME: this should be cache URLs required to have valid signatures, +# or "*" to require signatures on all binary caches. +# FIXME: should binary caches using a key in +# ‘binary-cache-public-keys’ be trusted by default? my $requireSignedBinaryCaches = ($Nix::Config::config{"signed-binary-caches"} // "0") ne "0"; my $curlConnectTimeout = int(