On 01/30/2013 07:27 PM, Edward Z. Yang wrote:
https://status.heroku.com/incidents/489
Unsigned Hackage packages are a ticking time bomb.
I agree this is terrible, I've started working on this, but this is
quite a bit of work and other priorities always pop up.
https://github.com/vincenthz/cabal
https://github.com/vincenthz/cabal-signature
My current implementation generate a manifest during sdist'ing in cabal,
and have cabal-signature called by cabal on the manifest to create a
manifest.sign.
The main issue i'm facing is how to create a Web of Trust for doing all
the public verification bits.
--
Vincent
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
