found a comment claiming that there are 139 committers - but that comment is a few years old.

The current size of the Nixpkgs committers team is 197.

A key criteria for becoming a committer is to author a sizable number of PRs that go on to be approved through this process.

Not only that but also reviews and other community interactions.

You must be “known” among existing committers and have shown that you understand the “rules” of Nixpkgs; written and unwritten ones.

I didn’t see descriptions of any measures that would prevent committers from making whatever changes to nixpkgs they choose to.

That is correct. We could push any commit we wanted into Nixpkgs.

Others would (hopefully) notice though and there’s a bot which tells you “nono, bad committer” when you push a commit without PR ;)

package hashes are not a cryptographically-secure proof of reproducibility - it is technically possible to tamper with binaries in some ways that don’t change hashes

It’s possible to tamper with the binary but not the source code. A substantial change in build recipe always causes a change in derivation hash. Malicious code must be introduced in source code form.

To tamper with binaries, you’d need access to Hydra; more specifically its signing key. Committers do not have that kind of access.

Personal reputations are at stake which I think is a solid motivator to act in good faith. I think if a malicious change did get in it would probably be caught quickly.

Well, that’s the hope anyways. Thankfully, we haven’t had this system abused yet but I’d be more comfortable if there was a better system in place. Especially w.r.t. removing inactive committers that haven’t actually been part of the project for a long time.