about summary refs log tree commit diff
path: root/scripts/download-from-binary-cache.pl.in
diff options
context:
space:
mode:
Diffstat (limited to 'scripts/download-from-binary-cache.pl.in')
-rw-r--r--scripts/download-from-binary-cache.pl.in4
1 files changed, 4 insertions, 0 deletions
diff --git a/scripts/download-from-binary-cache.pl.in b/scripts/download-from-binary-cache.pl.in
index 4655f9ac9a0e..bb63eafca522 100644
--- a/scripts/download-from-binary-cache.pl.in
+++ b/scripts/download-from-binary-cache.pl.in
@@ -54,6 +54,10 @@ sub isTrue {
     return $x eq "true" || $x eq "1";
 }
 
+# FIXME: this should be cache URLs required to have valid signatures,
+# or "*" to require signatures on all binary caches.
+# FIXME: should binary caches using a key in
+# ‘binary-cache-public-keys’ be trusted by default?
 my $requireSignedBinaryCaches = ($Nix::Config::config{"signed-binary-caches"} // "0") ne "0";
 
 my $curlConnectTimeout = int(