
On Thu, Jan 31, 2013 at 12:53 PM, Ketil Malde wrote:
Ertugrul Söylemez writes:
And that may even be more harmful, because an insecure system with a false sense of security is worse than an insecure system alone.
Yes. As is clear to all, the current low level of security means that nobody is _actually_ downloading stuff off Hackage, thank God. Hackage just exists for...well, I forget, but certainly not to distribute software. Right.
Sarcasm aside, to some extent, this is true. I used to have a cron job 'cabal install'ing my packages off Hackage to ensure that they would compile with the current offering of their dependencies. But I decided it was way too risky, and don't do it anymore.
Let's do it properly.
You mean like how it was decisively dealt with when this was discussed in 2008?
https://github.com/haskell/cabal/issues/207
Or maybe more the way it was firmly handled when it was brought up again in 2010?
http://www.haskell.org/pipermail/haskell-cafe/2010-December/087050.html
This looks increasingly like that time of year when the problem is pointed out, the crypto geeks get together to construct the Optimal Solution, and then everybody loses interest and moves on to greener pastures for a while. Well, I don't think the perfect solution exists, and even if it could be identified, it might not be implemented, and even if it were implemented, it might not be used.
Hehe.. hard to argue against history! :-)
Alexander
We've just been incredibly lucky that nothing really bad has happened so far. Let's hope it lasts.
-k
--
If I haven't seen further, it is by standing in the footprints of giants
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe