Proposal: cabal-install: verify OpenPGP signatures
Mikhail Glushenkov
the.dead.shall.rise at gmail.com
Thu May 1 20:18:41 UTC 2014
Hi,
On 30 April 2014 01:15, Nikita Karetnikov <nikita at karetnikov.org> wrote:
> Following up on the “cabal-install: Replacing HTTP with HTTPS” thread.
> I think we can do better. I want to make sure that people will notice
> if someone compromises the packages on hackage.haskell.org.
>[...]
I believe Austin Seipp had some ideas about this. IIRC, his plan was
to use ed25519 signatures [1].
[1] https://github.com/thoughtpolice/hs-ed25519
More information about the cabal-devel
mailing list