[Haskell-cafe] hackage is down.

Thomas DuBuisson thomas.dubuisson at gmail.com
Sun Nov 1 20:46:30 EST 2009

> + Distributed hackage is DHT network.

A DHT has been discussed before on IRC, glad to hear more people
voicing the thought.

> + Everything is PGP-signed.

Yes, that would certainly be needed and also came up in our discussion.

> + Everyone can push package into network, everyone can rate package
> (malicious / SPAM / unstable / stable / etc).

No no no!  Why not download the normal (signed) cabal list from the
DHT (and optionally directly from hackage.haskell.org)?  These are all
the packages that would appear on the website.  Why serve any other
content?  All nodes in the DHT may check and make sure the file (or
fragment) being served is properly signed.

Any desire for popularity or tagging capability should be separate.

> + User maintains list of trusted people's open keys, in order to
> validate authenticity and see trusted ratings.

This would need further explanation, but in general I'm against
requiring user interaction on this level.


More information about the Haskell-Cafe mailing list