[Haskell-cafe] Ticking time bomb

Christopher Done chrisdone at gmail.com
Fri Feb 1 13:07:33 CET 2013


Hey dude, it looks like we made the same project yesterday:

http://www.reddit.com/r/haskell/comments/17njda/proposal_a_trivial_cabal_package_signing_utility/

Yours is nice as it doesn't depend on GPG. Although that could be a
nice thing because GPG manages keys. Dunno.

Another diff is that mine puts the .sig inside the .tar.gz, yours puts
it separate.

=)

On 31 January 2013 09:11, Vincent Hanquez <tab at snarc.org> wrote:
> On 01/30/2013 07:27 PM, Edward Z. Yang wrote:
>>
>> https://status.heroku.com/incidents/489
>>
>> Unsigned Hackage packages are a ticking time bomb.
>>
> I agree this is terrible, I've started working on this, but this is quite a
> bit of work and other priorities always pop up.
>
> https://github.com/vincenthz/cabal
> https://github.com/vincenthz/cabal-signature
>
> My current implementation generates a manifest during sdist'ing in cabal, and
> has cabal-signature called by cabal on the manifest to create a
> manifest.sign.
>
> The main issue I'm facing is how to create a Web of Trust for doing all the
> public verification bits.
>
> --
> Vincent

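An added example, not code from cabal-signature or from either project mentioned in this thread: one way to build the manifest so that the signed bytes are the same whether the signature sits inside the .tar.gz or beside it. The manifest line format, the `manifest.sign` member name and the sample package are assumptions; producing and verifying the signature over the manifest bytes is left to the signing tool.

```python
import hashlib
import io
import tarfile

SIG_NAME = "manifest.sign"  # assumed name of the signature member when embedded


def make_sdist(files):
    """Build an in-memory .tar.gz from {path: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def manifest(sdist_bytes):
    """Canonical manifest: one 'sha256  path' line per member, sorted."""
    lines = []
    with tarfile.open(fileobj=io.BytesIO(sdist_bytes), mode="r:gz") as tar:
        for member in tar:
            if member.name == SIG_NAME:
                continue  # the signature cannot cover itself
            if "\n" in member.name:
                raise ValueError("newline in member name would forge manifest lines")
            body = tar.extractfile(member).read() if member.isfile() else b""
            # hash type and link target too, so a file cannot be swapped for a link
            data = member.type + member.linkname.encode() + b"\0" + body
            lines.append(f"{hashlib.sha256(data).hexdigest()}  {member.name}")
    return ("\n".join(sorted(lines)) + "\n").encode()


def changed_paths(trusted_manifest, sdist_bytes):
    """Paths added, removed or altered relative to a manifest already verified."""
    want = set(trusted_manifest.decode().splitlines())
    got = set(manifest(sdist_bytes).decode().splitlines())
    return sorted({line.split("  ", 1)[1] for line in want ^ got})


SAMPLE = {"pkg-0.1/pkg.cabal": b"name: pkg\n", "pkg-0.1/Main.hs": b"main = pure ()\n"}

if __name__ == "__main__":
    plain = make_sdist(SAMPLE)
    signed = make_sdist({**SAMPLE, SIG_NAME: b"constructed signature bytes"})
    print(manifest(plain) == manifest(signed))
    print(changed_paths(manifest(plain), make_sdist({**SAMPLE, "pkg-0.1/Main.hs": b"x"})))
```

A signature over the raw .tar.gz bytes only works when it is stored separately, because embedding it changes those bytes; a signature over a manifest like this one works in both layouts.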