Evaluating the security implications of a company-wide Nix remote builder


IMo it is no worse than, say, a company wide rpm repository and as such it should be treated.

1 Like

It’s worth noting that CA derivations don’t directly protect from that because although the paths themselves are self-verified, there’s a bit of metadata (the “realisation”) that maps derivations to their output paths, and has to be trusted (or signed).

Ototh, what CA derivations allow is remote building without being a trusted Nix user (on the builder). And in that case it becomes impossible to upload anything non trusted to it, and we get more security back

1 Like
Hosted by Flying Circus.