diff --git a/default.nix b/default.nix
index 688bf8dfcf55e3a14fd4e6abd4d1fa98672f678a..7f9b277c7290c3a277c7f80ff194ddabbb32c00b 100644
--- a/default.nix
+++ b/default.nix
@@ -56,7 +56,7 @@ in
       };
       zkapauthorizer = mach-nix.buildPythonApplication rec {
         inherit python providers;
-        src = ./.;
+        src = lib.cleanSource ./.;
         # mach-nix does not provide a way to specify dependencies on other
         # mach-nix packages, that incorporates the requirements and overlays
         # of that package.
@@ -81,6 +81,10 @@ in
           packagesExtra = [ zkapauthorizer tahoe-lafs ];
         };
       in
+        # Since we use this derivation in `environment.systemPackages`,
+        # we create a derivation that has just the executables we use,
+        # to avoid polluting the system PATH with all the executables
+        # from our dependencies.
         pkgs.runCommandNoCC "privatestorage" {}
           ''
             mkdir -p $out/bin
diff --git a/setup.cfg b/setup.cfg
index a93d3232ec0b1a051ff259eaedd978881820b4cb..0c4f044719917527c1935362b1b2b41492e8b4c3 100644
--- a/setup.cfg
+++ b/setup.cfg
@@ -1,5 +1,7 @@
 # Generally describe the project
 [metadata]
+# See https://packaging.python.org/guides/distributing-packages-using-setuptools/#name
+# for requiremnts of a valid project name.
 name = zero-knowledge-access-pass-authorizer
 version = attr: _zkapauthorizer.__version__
 description = A `Tahoe-LAFS`_ storage-system plugin which authorizes storage operations based on privacy-respecting tokens.