[Haskell-cafe] Improvements to package hosting and security
Tillmann Rendel
rendel at informatik.uni-tuebingen.de
Sat May 2 10:43:52 UTC 2015
Hi,
[I decided to drop haskell-infrastructure at community.galois.com from the
CC list because for my last message in this thread, I got some noise
about moderation].
amindfv at gmail.com wrote:
> I think the idea is that package signing is not a requirement, but
> that git is a requirement for package signing. So users can still get
> the behavior that they get today, without git.
So there would be `cabal update --unsigned` and `cabal update --signed`
and the former doesn't need git?
I skimmed the proposal at
https://github.com/commercialhaskell/commercialhaskell/wiki/Git-backed-Hackage-index-signing-and-distribution
and did not find this information there. Instead, I found this snippet:
> Especially in developing countries, it would be a real liability for
> Haskell if the first step before doing anything is having to download
> a 1GB Git archive. Especially considering that given the current
> growth curve, the Git repository with all content imported will
> likely be hitting 2GB by this time next year, and so on.
This sounds as if for all Haskell users, "the first step before doing
anything" would have to be to use git.
Tillmann
PS. BTW, check out this Stack Overflow question to understand why
installing and configuring git will be hard for some Haskell users on
Windows:
http://stackoverflow.com/questions/30000688/windows-loading-haskell-source-code-into-ghci