[Haskell-cafe] hackage is down.

??????? ?????? me at rkit.pp.ru
Sun Nov 1 21:28:53 EST 2009


> No no no!  Why not download the normal (signed) cabal list from the
> DHT (and optionally directly from hackage.haskell.org)?  These are all
> the packages that would appear on the website.  Why serve any other
> content?  All nodes in the DHT may check and make sure the file (or
> fragment) being served is properly signed.
>
> Any desire for popularity or tagging capability should be separate.
>   
Because single single hackage private key can be bruteforsed or stolen 
far easier than lots and lots keys of random people.

>> + User maintains list of trusted people's open keys, in order to
>> validate authenticity and see trusted ratings.
>>     
>
> This would need further explanation, but in general I'm against
> requiring user interaction on this level.
You choose who's moderating packages for you. Some well-known community 
moderators and your trusted friends. If no one rated package yet, then 
you download and rate, so people who trust you can make decision based 
on your rate.
Kind of social network.


More information about the Haskell-Cafe mailing list