[Haskell-cafe] Ongoing IHG work to improve Hackage security
the.dead.shall.rise at gmail.com
Thu Apr 16 13:14:47 UTC 2015
On 16 April 2015 at 11:33, Duncan Coutts <duncan at well-typed.com> wrote:
> The IHG members identified Hackage security as an important issue some
> time ago and myself and my colleague Austin have been working on a
> design and implementation.
> The details are in this blog post:
Thank you, this is very exciting. But won't the post-release .cabal
update feature interfere with "package index as an append-only log"
concept? IIUC, right now it is implemented as a destructive update of
the corresponding package index entry, so making the package index
immutable will break backwards compatibility.
More information about the Haskell-Cafe