-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA384 Gabriel,
On 04/17/2015 08:52, Gabriel Scherer wrote: > (Since this thread was last active there have been very promising > discussions on security that could see the day for OPAM 1.3.) > > This list may be interested in the recent plan/proposal for > security in Hackage (Haskell's package distribution > infrastructure), which are basically "follow TUF": > http://www.well-typed.com/blog/2015/04/improving-hackage-security/ thanks for the pointer. A very well written proposal. Some discussion was on the opam-devel mailing list [1]. The general idea is very similar to Haskell: use TUF, make it painless for package maintainers. Louis and I wanted to come up with concrete usage scenarios (client / maintainer / new maintainer / key revocation/loss). hannes 1: http://lists.ocaml.org/pipermail/opam-devel/2015-March/000991.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCQAGBQJVMMmKAAoJELyJZYjffCju85wP/j8sjfLvth1j+qbMq3ImR5vB hgcs6em2P9QCAGRLHUJCQzzkXBYUT/Mdh2QbaFd8XboG/GPioose3DH3RyGn8dmD 4Z2qCWPLcWZDMgZE+2R2sV5PihRGnyAmiGlQN6PTopp2UxawnSHpTb0Go7kHQ08I SaBQxQ8v2PvfX2ZVBvS8y/ZifOxhzfqAudua5qfTiJivC9YRvQgizopCFC8pnEDX KAMzSeoIKID4/b7tLdp56c01IVxfhxeWFcFHF8rzEJJ7jh2T6EKL67CUNTYFKkL1 3ExdClsMQF6xSBC/tgTRlRXyPNCAz9k48PE/I7PpVDpf4MWnIIfisQ1BiMO3Klm/ v+c78zhdEQ6MTj49xESaMWZrigEhstRMQomJWA9XoYBBS+Ki+FnyYwx++dpH7V4k FmPx3++r0zo2beKL79fQrPT3Z8cYjPJC8RXllq9JJQtFozYgJctGuGGB3c+0iAQR bKV3yNfzM8AXPo0p25tlwCi4Eu3NpZsjK4LY3eXp8+uejTqDAQnHgVpTO3q/XSfk A6tiiAUv4veYLmlpYEljZHnpLVASFKpLAD5z80kTrLwKAZsju5DaKx0pCOrXBQqF 3W3EeHKw9QO6RNuGKBXCtcbTIqpz59uvwECJa40+Egmh6yTKce7zpdQAjpF/dxPF feRiWfuTtImBa8EVfn74 =0kwQ -----END PGP SIGNATURE----- _______________________________________________ Platform mailing list [email protected] http://lists.ocaml.org/listinfo/platform
