Proposal: cabal-install: verify OpenPGP signatures
Nikita Karetnikov
nikita at karetnikov.org
Fri Jun 27 14:57:56 UTC 2014
I’ve just pushed a bit more code [1]. Now it’s possible to upload an
ASCII-armored OpenPGP signature, which is optional, while uploading a
package or a package candidate. If a signature is present, the download
link will be shown in the “Downloads” list.
Questions:
1. ‘backup’ doesn’t work yet. Should I use symlinks and a shared
directory (see ‘Distribution/Server/Framework/BackupDump.hs’)?
2. Is there a need to provide ‘SafeCopy’ instances for the types that
have been changed? If so, then which ones should be instantiated?
Also, I made a mistake in 328c38a. Public keys must have their own
page(s) since ‘name-contact’ requires authorization. (I’ll fix it).
Any feedback is appreciated. Note that a development version of
hOpenPGP is required for now (see the comment in the cabal file).
[1] https://gitorious.org/hackage-server/hackage-server/commits/openpgp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://www.haskell.org/pipermail/cabal-devel/attachments/20140627/1ceba69f/attachment.sig>
More information about the cabal-devel
mailing list