Hi folks, We're doing an alpha release of the hackage security work today and we'd like to invite you all to help test it.
In addition to the security improvements it includes automatic use of mirrors (including the server distributing a list of available public mirrors) and includes incremental downloads of the hackage index, so cabal update should be a lot faster. At this alpha stage we would like some but not too many users to try it out, so when things do break we don't have it break for too many people all at once. But subscribers to this list are just the kind of expert users who we'd like to try it out and report issues. In particular we're interested in any problems caused by crazy proxies and annoying things of that ilk. During the beta we'll make the whole thing a bit more user friendly to get more people to try it out. So for the moment you have to grab things from git branches etc. All the details are in this blog post: http://www.well-typed.com/blog/2015/07/hackage-security-alpha/ As it says there, report issues in the github bug tracker. Oh and I don't think we say it in the blog post but the idea is that for any of the new library dependences for the security stuff, if any of them are problematic we can just bundle them with cabal-install (we'll probably just bundle them all). The design deliberately keeps these dependencies to a minimum: SHA256 hashing, ed25519 signing/checking provided by minimal bundled C code. For the alpha the cabal-install integration just uses these as external dependencies. -- Duncan Coutts, Haskell Consultant Well-Typed LLP, http://www.well-typed.com/ _______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel
