alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity
Nix Packages collection
138428 commits 217 branches 116 tags 4 GiB
Nix 96.3%
Shell 1.6%
Python 1.1%
Perl 0.3%
C 0.2%
Other 0.1%
Go to file
aszlig b3d5ca8359
nixos/dhparams: Set default bit size to 2048 
@Ekleog writes in https://github.com/NixOS/nixpkgs/pull/39526:

> I think a default of 4096 is maybe too much? See certbot/certbot#4973;
> Let's Encrypt supposedly know what they are doing and use a
> pre-generated 2048-bit DH params (and using the same DH params as
> others is quite bad, even compared to lower bit size, if I correctly
> remember the attacks available -- because it increases by as much the
> value of breaking the group).

> Basically I don't have anything personal against 4096, but fear it may
> re-start the arms race: people like having "more security" than their
> distributions, and having NixOS already having more security than is
> actually useful (I personally don't know whether a real-size quantum
> computer will come before or after our being able to break 2048-bit
> keys, let alone 3072-bit ones -- see wikipedia for some numbers).

> So basically, I'd have set it to 3072 in order to both decrease build
> time and avoid having people setting it to 8192 and complaining about
> how slow things are, but that's just my opinion. :)

While he suggests is 3072 I'm using 2048 now, because it's the default
of "openssl dhparam". If users want to have a higher value, they can
still change it.

Signed-off-by: aszlig <aszlig@nix.build>
2018-04-30 05:53:38 +02:00
.github CODEOWNERS: add Mic92/LnL7 for rustc 2018-04-09 14:47:10 +01:00
doc doc: add filtered pr list 2018-04-23 17:07:53 -05:00
lib treewide: isArm -> isAarch32 2018-04-25 15:28:55 -04:00
maintainers Merge pull request #39171 from nocent/add/bonzomatic 2018-04-24 17:58:55 +02:00
nixos nixos/dhparams: Set default bit size to 2048 2018-04-30 05:53:38 +02:00
pkgs boto{3,core}: {1.6.0,1.9.3} -> {1.7.9,1.10.9} 2018-04-25 21:36:15 -04:00
.editorconfig .version: remove final newline 2018-04-24 07:10:23 +02:00
.gitattributes gitattributes: disable merge=union in all-packages 2018-03-27 11:03:03 -05:00
.gitignore kde5: consolidate packages into desktops/kde-5 2016-03-01 10:36:00 -06:00
.version .version: remove final newline 2018-04-24 07:10:23 +02:00
COPYING 2018 will be the year of NixOS 2018-01-04 17:59:52 -05:00
default.nix default.nix: Provide correct instructions how to upgrade Nix 2017-03-18 21:04:07 +02:00
README.md README: 17.09 -> 18.03 2018-04-04 09:48:35 +02:00

README.md

logo

Code Triagers Badge

Nixpkgs is a collection of packages for the Nix package manager. It is periodically built and tested by the Hydra build daemon as so-called channels. To get channel information via git, add nixpkgs-channels as a remote:

% git remote add channels git://github.com/NixOS/nixpkgs-channels.git

For stability and maximum binary package support, it is recommended to maintain custom changes on top of one of the channels, e.g. nixos-18.03 for the latest release and nixos-unstable for the latest successful build of master:

% git remote update channels
% git rebase channels/nixos-18.03

For pull-requests, please rebase onto nixpkgs master.

NixOS Linux distribution source code is located inside nixos/ folder.

Communication: