Hackage security alpha

Roman Cheplyaka roma at ro-che.info
Wed Jul 8 13:37:44 UTC 2015


Where exactly should I be looking for /snapshot.json?

% curl -D - https://hackage.haskell.org/snapshot.json
HTTP/1.1 404 Not Found
Server: nginx/1.8.0
Content-Type: text/plain
Content-Length: 43
Accept-Ranges: bytes
Date: Wed, 08 Jul 2015 13:35:35 GMT
Via: 1.1 varnish
Age: 0
Connection: keep-alive
X-Served-By: cache-fra1245-FRA
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1436362535.049275,VS0,VE132

Page not found: Sorry, it's just not here.


On 08/07/15 16:08, Duncan Coutts wrote:
> Hi folks,
> 
> We're doing an alpha release of the hackage security work today and we'd
> like to invite you all to help test it.
> 
> In addition to the security improvements it includes automatic use of
> mirrors (including the server distributing a list of available public
> mirrors) and includes incremental downloads of the hackage index, so
> cabal update should be a lot faster.
> 
> At this alpha stage we would like some but not too many users to try it
> out, so when things do break we don't have it break for too many people
> all at once. But subscribers to this list are just the kind of expert
> users who we'd like to try it out and report issues. In particular we're
> interested in any problems caused by crazy proxies and annoying things
> of that ilk.
> 
> During the beta we'll make the whole thing a bit more user friendly to
> get more people to try it out. So for the moment you have to grab things
> from git branches etc. All the details are in this blog post:
> 
> http://www.well-typed.com/blog/2015/07/hackage-security-alpha/
> 
> As it says there, report issues in the github bug tracker.
> 
> Oh and I don't think we say it in the blog post but the idea is that for
> any of the new library dependences for the security stuff, if any of
> them are problematic we can just bundle them with cabal-install (we'll
> probably just bundle them all). The design deliberately keeps these
> dependencies to a minimum: SHA256 hashing, ed25519 signing/checking
> provided by minimal bundled C code. For the alpha the cabal-install
> integration just uses these as external dependencies.
> 

