Proposal: cabal-install: verify OpenPGP signatures

Mikhail Glushenkov the.dead.shall.rise at
Thu May 1 20:18:41 UTC 2014


On 30 April 2014 01:15, Nikita Karetnikov <nikita at> wrote:
> Following up on the “cabal-install: Replacing HTTP with HTTPS” thread.
> I think we can do better.  I want to make sure that people will notice
> if someone compromises the packages on

I believe Austin Seipp had some ideas about this. IIRC, his plan was
to use ed25519 signatures [1].


More information about the cabal-devel mailing list