Readme gives http instead of https examples - safe?
matthiasbeyer opened this issue · 1 comments
matthiasbeyer commented
The Readme gives http instead of https examples - is this safe? If yes, please add a short note why.
nh2 commented
Yes it's safe, because nix supports pubkey-signed packages and uses that by default.
If you try to make it more confidential what packages exactly are downloaded, you can use https instead (but usually you don't, e.g. on Debian/Ubuntu it also downloads public apt packages via http if not chosen otherwise).
I added a section in the README for it.