Proposal: cabal-install: verify OpenPGP signatures
the.dead.shall.rise at gmail.com
Thu May 1 20:18:41 UTC 2014
On 30 April 2014 01:15, Nikita Karetnikov <nikita at karetnikov.org> wrote:
> Following up on the “cabal-install: Replacing HTTP with HTTPS” thread.
> I think we can do better. I want to make sure that people will notice
> if someone compromises the packages on hackage.haskell.org.
I believe Austin Seipp had some ideas about this. IIRC, his plan was
to use ed25519 signatures .
More information about the cabal-devel