[Haskell-cafe] Ticking time bomb
tab at snarc.org
Thu Jan 31 09:11:02 CET 2013
On 01/30/2013 07:27 PM, Edward Z. Yang wrote:
> Unsigned Hackage packages are a ticking time bomb.
I agree this is terrible, I've started working on this, but this is
quite a bit of work and other priorities always pop up.
My current implementation generate a manifest during sdist'ing in cabal,
and have cabal-signature called by cabal on the manifest to create a
The main issue i'm facing is how to create a Web of Trust for doing all
the public verification bits.
More information about the Haskell-Cafe