The reason for mirror was avilability, yes, and when the signatures were only on the central sever, then the user could choose not to install packages from mirrors, when they were not available.
But now if the signatures were generated by the uploader, then the morrors would be just as secure as the central? I mean -- if we don't trust DNS, then the main hackage has no special security advantages? -- Markus Läll
_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
