[Haskell-cafe] Ticking time bomb
Vincent Hanquez
tab at snarc.org
Thu Jan 31 09:11:02 CET 2013
On 01/30/2013 07:27 PM, Edward Z. Yang wrote:
> https://status.heroku.com/incidents/489
>
> Unsigned Hackage packages are a ticking time bomb.
>
I agree this is terrible, I've started working on this, but this is
quite a bit of work and other priorities always pop up.
https://github.com/vincenthz/cabal
https://github.com/vincenthz/cabal-signature
My current implementation generate a manifest during sdist'ing in cabal,
and have cabal-signature called by cabal on the manifest to create a
manifest.sign.
The main issue i'm facing is how to create a Web of Trust for doing all
the public verification bits.
--
Vincent
More information about the Haskell-Cafe
mailing list