
Incidentally, having read your post on splitting things up a bit when I got back from holiday, I agree there are certainly valid complaints there. I'm not at all averse to factoring the hackage-server implementation slightly differently, perhaps so that the core index and package serving is handled by a smaller component (e.g. a dumb HTTP server). For third-party services, the goal has always been for the hackage-server impl to provide all of its data in useful formats. No doubt that can be improved. Pull requests gratefully accepted.
Awesome. Sounds like we're in broad agreement.
I see this security stuff as a big deal for reliability because it will allow us to use public untrusted mirrors. That's why it's important to cover every package. That and perhaps a bit of refactoring of the hackage server should give us a very reliable system.
Indeed - availability by both reliability and redundancy. I still have some catching up to do on the technical content of your proposal and others - let me comment on that later. But either way I can certainly agree with the goal of reducing the size of the trusted base while simultaneously expanding the number of points of distribution. In the meantime, mirrors already exist (e.g. http://hackage.fpcomplete.com/), but as you say, they need to be trusted, in addition to having to trust Hackage.
Thanks again for your detailed blog post and the context it provides.
Best,
Mathieu