diff options
| author | John Ericson <John.Ericson@Obsidian.Systems> | 2022-09-22 10:43:48 -0400 |
|---|---|---|
| committer | John Ericson <John.Ericson@Obsidian.Systems> | 2022-09-22 10:49:31 -0400 |
| commit | 752f967c0fe2489fe13d8c2c65c3ecba72064adc (patch) | |
| tree | bb0d0b462040fc6af61a90d41b3f48e04c21fd30 /src/libstore/globals.hh | |
| parent | f704c2720f136a6bb73a2e91d4a85e0e9a42ff6f (diff) | |
"valid signature" -> "trustworthy signature"
I just had a colleague get confused by the previous phrase for good
reason. "valid" sounds like an *objective* criterion, e.g. and *invalid
signature* would be one that would be trusted by no one, e.g. because it
misformatted or something.
What is actually going is that there might be a signature which is
perfectly valid to *someone else*, but not to the user, because they
don't trust the corresponding public key. This is a *subjective*
criterion, because it depends on the arbitrary and personal choice of
which public keys to trust.
I therefore think "trustworthy" is a better adjective to use. Whether
something is worthy of trust is clearly subjective, and then "trust"
within that word nicely evokes `trusted-public-keys` and friends.
Diffstat (limited to 'src/libstore/globals.hh')
| -rw-r--r-- | src/libstore/globals.hh | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh index e9d721e59..fb8f810c2 100644 --- a/src/libstore/globals.hh +++ b/src/libstore/globals.hh @@ -560,7 +560,7 @@ public: R"( If set to `true` (the default), any non-content-addressed path added or copied to the Nix store (e.g. when substituting from a binary - cache) must have a valid signature, that is, be signed using one of + cache) must have a trustworthy signature, that is, be signed using one of the keys listed in `trusted-public-keys` or `secret-key-files`. Set to `false` to disable signature checking. )"}; |