> + Distributed hackage is DHT network. A DHT has been discussed before on IRC, glad to hear more people voicing the thought.
> + Everything is PGP-signed. Yes, that would certainly be needed and also came up in our discussion. > + Everyone can push package into network, everyone can rate package > (malicious / SPAM / unstable / stable / etc). No no no! Why not download the normal (signed) cabal list from the DHT (and optionally directly from hackage.haskell.org)? These are all the packages that would appear on the website. Why serve any other content? All nodes in the DHT may check and make sure the file (or fragment) being served is properly signed. Any desire for popularity or tagging capability should be separate. > + User maintains list of trusted people's open keys, in order to > validate authenticity and see trusted ratings. This would need further explanation, but in general I'm against requiring user interaction on this level. Thomas _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe