No no no!  Why not download the normal (signed) cabal list from the
DHT (and optionally directly from hackage.haskell.org)?  These are all
the packages that would appear on the website.  Why serve any other
content?  All nodes in the DHT may check and make sure the file (or
fragment) being served is properly signed.

Any desire for popularity or tagging capability should be separate.
Because a single Hackage private key can be brute-forced or stolen far more easily than lots and lots of keys of random people.

+ User maintains list of trusted people's open keys, in order to
validate authenticity and see trusted ratings.

This would need further explanation, but in general I'm against
requiring user interaction on this level.
You choose who's moderating packages for you. Some well-known community moderators and your trusted friends. If no one has rated a package yet, then you download and rate it, so people who trust you can make a decision based on your rating.
Kind of social network.
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
