From e09161d05cfbd7c6d4cf41a35765e3fe346ea181 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <edolstra@gmail.com>
Date: Fri, 26 Jan 2018 17:10:52 +0100
Subject: [PATCH] Remove signed-binary-caches as the default for require-sigs

This was for backward compatibility. However, with security-related
configuration settings, it's best not to have any confusion.

Issue #495.
---
 src/libstore/globals.hh | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 1e50e2d13..20ac8fe4e 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -287,10 +287,7 @@ public:
     Setting<unsigned int> tarballTtl{this, 60 * 60, "tarball-ttl",
         "How soon to expire files fetched by builtins.fetchTarball and builtins.fetchurl."};
 
-    Setting<std::string> signedBinaryCaches{this, "*", "signed-binary-caches",
-        "Obsolete."};
-
-    Setting<bool> requireSigs{this, signedBinaryCaches == "*", "require-sigs",
+    Setting<bool> requireSigs{this, true, "require-sigs",
         "Whether to check that any non-content-addressed path added to the "
         "Nix store has a valid signature (that is, one signed using a key "
         "listed in 'trusted-public-keys'."};
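Review bot: With `signed-binary-caches` deleted, an existing configuration that still sets that key (for example, to an empty value to switch checking off) no longer has any effect on `require-sigs`, and nothing in this hunk tells the operator so. The new default fails closed, so the effect is unexpected substitution failures rather than weaker verification. Whether a leftover key is warned about or silently ignored is decided outside the visible lines, and the enclosing settings class begins and ends outside the hunk. I would state the default and the replacement in the help text, e.g. append `"Enabled by default; the obsolete 'signed-binary-caches' setting no longer influences it."`. While touching this string, the parenthesis opened at `(that is, one signed` is never closed; the last line should read `"listed in 'trusted-public-keys')."};`.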
-- 
GitLab