steam: http -> https #104507
Result of Edit: I don't know the command to invalidate the download cache but the size is the same.
If the output is hashed, what's the point?
Encryption in flight? ¯\_(ツ)_/¯ I'd prefer the encrypted protocol over non, but maybe I'm being too paranoid.
Oh that's fair, I guess I was just thinking from a MITM mitigation standpoint. And since this is proprietary, users will be downloading it themselves.
I think it's still better to use https. I even think MITM is still a concern if hydra would be a target of such an attack. The fact that the diff is only in protocol doesn't mean such an attack can't happen in the future (only that it has not happened yet). If hydra would be given a fake source (by any type of man in the middle or man on the side) it would happily cache the build result and distribute it via binary cache for the given derivation.
- `NIXPKGS_ALLOW_UNFREE=1 nix-build -A steam` works locally - diff looks ok
That being said, I still prefer https by default. Http links lying around are, at best, basically the same, and at worst, a footgun.
LGTM
Result of nixpkgs-review pr 104507 1
Motivation for this change
Would prefer HTTPS by default
Things done
`https` endpoint as the one received through the `http` endpoint