Proposal: cabal-install: verify OpenPGP signatures

Mikhail Glushenkov the.dead.shall.rise at
Sun May 4 02:55:14 UTC 2014


On 3 May 2014 02:31, Nikita Karetnikov <nikita at> wrote:
> I’ve been told off-list that relying on external tools (such as GPG) may
> be problematic.  Is it the case?  And if so, could you elaborate?

Yes, we want to make cabal-install as self-contained as possible,
since it makes installation/distribution easier. E.g. on Windows we
can just distribute a single cabal.exe to users.

More information about the cabal-devel mailing list