This implements NixOS/rfcs#136. This issue is agreed-upon by the @NixOS/nix-team
Required changes:
- needs documentation on the default number of signatures required
- also should say why it's important: copying a closure to a remote system loses the "ultimately trusted" bit, so before deploying, one will want to make sure it's fully signed
- signatures should be compared by key contents only, excluding names
This implements NixOS/rfcs#136. This issue is agreed-upon by the @NixOS/nix-team
Required changes: