[Haskell-cafe] Ticking time bomb

Vincent Hanquez tab at snarc.org
Thu Jan 31 09:11:02 CET 2013

On 01/30/2013 07:27 PM, Edward Z. Yang wrote:
> https://status.heroku.com/incidents/489
> Unsigned Hackage packages are a ticking time bomb.
I agree this is terrible, I've started working on this, but this is 
quite a bit of work and other priorities always pop up.


My current implementation generate a manifest during sdist'ing in cabal, 
and have cabal-signature called by cabal on the manifest to create a 

The main issue i'm facing is how to create a Web of Trust for doing all 
the public verification bits.


More information about the Haskell-Cafe mailing list