"valid signature" -> "trustworthy signature"

I just had a colleague get confused by the previous phrase for good reason. "valid" sounds like an *objective* criterion, e.g. and *invalid signature* would be one that would be trusted by no one, e.g. because it misformatted or something. What is actually going is that there might be a signature which is perfectly valid to *someone else*, but not to the user, because they don't trust the corresponding public key. This is a *subjective* criterion, because it depends on the arbitrary and personal choice of which public keys to trust. I therefore think "trustworthy" is a better adjective to use. Whether something is worthy of trust is clearly subjective, and then "trust" within that word nicely evokes `trusted-public-keys` and friends.
2025-06-30 07:33:16 +02:00 · 2022-09-22 10:43:48 -04:00 · 2022-09-22 10:43:48 -04:00 · 752f967c0f
commit 752f967c0f
parent f704c2720f
5 changed files with 6 additions and 6 deletions
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@ -560,7 +560,7 @@ public:
        R"(
          If set to `true` (the default), any non-content-addressed path added
          or copied to the Nix store (e.g. when substituting from a binary
-          cache) must have a valid signature, that is, be signed using one of
+          cache) must have a trustworthy signature, that is, be signed using one of
          the keys listed in `trusted-public-keys` or `secret-key-files`. Set
          to `false` to disable signature checking.
        )"};