[Haskell-cafe] Ongoing IHG work to improve Hackage security

Mikhail Glushenkov the.dead.shall.rise at gmail.com
Thu Apr 16 13:14:47 UTC 2015


On 16 April 2015 at 11:33, Duncan Coutts <duncan at well-typed.com> wrote:
> All,
> The IHG members identified Hackage security as an important issue some
> time ago and myself and my colleague Austin have been working on a
> design and implementation.
> The details are in this blog post:
> http://www.well-typed.com/blog/2015/04/improving-hackage-security

Thank you, this is very exciting. But won't the post-release .cabal
update feature interfere with "package index as an append-only log"
concept? IIUC, right now it is implemented as a destructive update of
the corresponding package index entry, so making the package index
immutable will break backwards compatibility.

More information about the Haskell-Cafe mailing list