Merge pull request #37 from hercules-ci/readme-security

README.md: Add Security section
Domen Kožar 2019-11-28 11:54:24 +01:00 committed by GitHub
commit dcd0b0e878
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -79,6 +79,13 @@ mkDerivation {
Please open a PR if you've found another feature, determined any of the '?' or found an inaccuracy!
# Security
Files not matched by gitignore rules will end up in the Nix store, which is readable by any process.
gitignore.nix does not yet understand `git-crypt`'s metadata, so don't call `gitignoreSource` on directories containing such secrets or their parent directories.
This applies to any Nix function that uses the `builtins.path` or `builtins.filterSource` functions.
# Contributing
This project isn't perfect (yet) so please submit test cases and fixes as pull requests. Before doing anything drastic, it's a good idea to open an issue first to discuss and optimize the approach.
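
Review bot: The last sentence of the new Security section, "This applies to any Nix function that uses the `builtins.path` or `builtins.filterSource` functions.", has an unclear referent: "This" could mean the store-readability warning in the first sentence or the `git-crypt` limitation in the second. Since those builtins copy whatever the filter lets through into the store, the sentence would read better tied to the first point, for example "Any Nix function built on `builtins.path` or `builtins.filterSource` copies the files it selects into the store in the same way." It would also help to say outright that the exposure is not limited to `git-crypt`: the first sentence implies that any secret file not matched by a gitignore rule is copied, but the only concrete advice given is about `git-crypt` directories, and the section offers no alternative for a source tree that has to contain such files.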