Evaluating the security implications of a company-wide Nix remote builder

2 Likes

IMO it is no worse than, say, a company-wide rpm repository, and it should be treated as such.

1 Like

It’s worth noting that CA derivations don’t directly protect from that because although the paths themselves are self-verified, there’s a bit of metadata (the “realisation”) that maps derivations to their output paths, and has to be trusted (or signed).

OTOH, what CA derivations allow is remote building without being a trusted Nix user (on the builder). And in that case it becomes impossible to upload anything non-trusted to it, and we get more security back.

1 Like