With the wonderful advent of sandboxes in mainline cabal, I'd like to see what folks think of a flag to disable remote fetching of dependencies. The idea is that one could `cabal sandbox add-source` a set of trusted dependencies, and then be assured that a subsequent `cabal install --no-remote-fetching` would *only* resolve dependencies in that trusted set.

I'd be willing to explore implementing this myself, if it would be appropriate for a first-time cabal hacker. I'm also quite interested to hear whether this would be a useful feature for others, or other ways you might propose to address the problem.

I also understand that I can get this behavior by modifying the ~/.cabal/config, but this is a kludgey approach that is not workable in all deployment environments.

Thanks!

Adam