[Haskell-cafe] hackage is down.
Jochem Berndsen
jochem at functor.nl
Mon Nov 2 06:37:54 EST 2009
??????? ?????? wrote:
>
>> No no no! Why not download the normal (signed) cabal list from the
>> DHT (and optionally directly from hackage.haskell.org)? These are all
>> the packages that would appear on the website. Why serve any other
>> content? All nodes in the DHT may check and make sure the file (or
>> fragment) being served is properly signed.
>>
>> Any desire for popularity or tagging capability should be separate.
>>
> Because single single hackage private key can be bruteforsed or stolen
> far easier than lots and lots keys of random people.
You only need to compromise one well-trusted key to compromise the system.
Cheers, Jochem
--
Jochem Berndsen | jochem at functor.nl | jochem@????.com
More information about the Haskell-Cafe
mailing list