Is there any way to ensure the authenticity of downloads from Hackage? As far as I can see, there's nothing: no HTTPS for Hackage, no (strong) checksums for tarballs, and the tarballs aren't signed either.
So: how can I verify the authenticity of downloads from hackage?
There's been significant work on a new Hackage server, Real Soon Now. Matt worked on it for Summer of Code. Take a look at his blog: http://cogracenotes.wordpress.com/
There's been thought put into managing contributor logins in new and better ways, but not yet into verifying the authenticity of downloads.
HTTPS support, on the other hand, is slated to be part of Hackage 2, as I recall.
Signed tarballs sound potentially useful, but there just hasn't been work done to think about implementing them. Hackage is open source, and it would be helpful to either get contributions, or even just carefully thought through feature proposals.
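The question and answer above name the missing pieces (strong checksums and signatures for tarballs) without showing what checking one looks like. The following is an added example, not code from this page, from Hackage or from cabal: a hypothetical `verify_then_extract` helper that streams a downloaded tarball through SHA-256, compares it against a pinned digest, and refuses to extract on mismatch or when any member would escape the target directory. The package name `foo-1.0` and its contents are constructed for the demo. The one assumption that matters is in the docstring: the pinned digest must come from a channel you trust (a signed announcement, a digest you recorded earlier), not from the same unauthenticated HTTP server that served the tarball, or the check proves nothing.

```python
"""Pinned-digest verification of a downloaded package tarball (illustrative).

Hypothetical helper, not Hackage or cabal code. Assumes `expected_sha256` was
obtained over a trusted channel, NOT from the same unauthenticated server that
served the tarball: a digest that travels with the file over plain HTTP can be
swapped by the same attacker who swaps the file.
"""
import hashlib
import hmac
import io
import os
import tarfile
import tempfile

CHUNK_SIZE = 1 << 16


def sha256_file(path):
    """Stream the file through SHA-256 so a large tarball need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK_SIZE), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tarball(path, expected_sha256):
    """True iff the file's SHA-256 equals the pinned digest (case-insensitive hex)."""
    actual = sha256_file(path)
    # compare_digest is the habit to keep for any integrity/secret comparison.
    return hmac.compare_digest(actual, expected_sha256.strip().lower())


def unsafe_members(tar):
    """Member names that would escape the extraction directory (conservative:
    absolute paths, '..' components, and any symlink or hardlink are rejected)."""
    bad = []
    for m in tar.getmembers():
        parts = m.name.split("/")
        if os.path.isabs(m.name) or ".." in parts or m.issym() or m.islnk():
            bad.append(m.name)
    return bad


def verify_then_extract(path, expected_sha256, dest):
    """Extract only after the digest matches and no member escapes `dest`.
    Returns the extracted member names in archive order, or raises ValueError."""
    if not verify_tarball(path, expected_sha256):
        raise ValueError("digest mismatch: refusing to extract %s" % path)
    with tarfile.open(path, "r:*") as tar:
        bad = unsafe_members(tar)
        if bad:
            raise ValueError("unsafe members: %r" % bad)
        # Use the stdlib 'data' filter where this Python has it (3.12+, and
        # backports); our own check above covers older interpreters.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(dest, **kwargs)
        return [m.name for m in tar.getmembers()]


def build_sample_tarball(path, files):
    """Write a constructed .tar.gz from a dict of name -> bytes (demo input)."""
    with tarfile.open(path, "w:gz") as tar:
        for name, data in sorted(files.items()):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))


def tamper(path):
    """Flip the last byte, simulating a corrupted or substituted download."""
    with open(path, "r+b") as f:
        f.seek(-1, os.SEEK_END)
        last = f.read(1)
        f.seek(-1, os.SEEK_CUR)
        f.write(bytes([last[0] ^ 0xFF]))


def demo():
    """Run the scenario end to end in a temp dir; returns what was observed."""
    with tempfile.TemporaryDirectory() as d:
        pkg = os.path.join(d, "foo-1.0.tar.gz")  # constructed package
        build_sample_tarball(pkg, {"foo-1.0/foo.cabal": b"name: foo\n",
                                   "foo-1.0/Foo.hs": b"module Foo where\n"})
        pinned = sha256_file(pkg)  # stands in for a digest fetched out of band
        extracted = verify_then_extract(pkg, pinned, os.path.join(d, "out"))
        tamper(pkg)
        try:
            verify_then_extract(pkg, pinned, os.path.join(d, "out2"))
            refused = False
        except ValueError:
            refused = True
        evil = os.path.join(d, "evil.tar.gz")  # constructed traversal attempt
        build_sample_tarball(evil, {"../escape.txt": b"x"})
        try:
            verify_then_extract(evil, sha256_file(evil), os.path.join(d, "out3"))
            traversal_refused = False
        except ValueError:
            traversal_refused = True
        return {"extracted": extracted, "tamper_detected": not verify_tarball(pkg, pinned),
                "extract_refused": refused, "traversal_refused": traversal_refused}


if __name__ == "__main__":
    print(demo())
```

Note what this does and does not buy you: a pinned digest detects a tarball that changed after you recorded the digest, which covers tampering in transit and silent re-uploads, but it does not tell you whether the original upload came from the package author. That is the gap only signatures (or a signed index) close, which is why the answer above lists them separately from checksums.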