On 08/12/10 10:41, Ketil Malde wrote:
Yes. And you should start with assessing how much cost and
inconvenience you are willing to suffer for the improvement in
security you gain. In this case, my assertion is that the marginal
worsening of security by having a mirror of hackage even without signing
of packages etc., is less than the marginal improvement in usability.
I'm a bit surprised to find that there seems to be a lot of opposition
to this view, but perhaps the existing structure is more secure than I
thought? Or the benefit of a mirror is exaggerated - I can see how
it would be annoying to have hackage down, but it hasn't happened to my,
so perhaps those complaining about it just were very unlucky.
You might have misunderstood what I was talking about. I'm proposing
signing on the hackage server on reception of the package,
where it can be verified by cabal that the package hasn't been signed
properly. This is not about all the way
signing of every uploaders, with chain of trust and such (which has been
proposed by wren).
The implication on the users should be minimal. I mean they shouldn't
even know about it. It would only complain if the signature isn't valid.
--
Vincent
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
