Theres a Haskell-infrastructure team that is now managing much of the
community infrastructure, talk with them if you want to get involved.
they're often found on the #haskell-infrastructure irc channel on freenode
and they're amazingly responsive (despite being all volunteers)
On Sun, Nov 3, 2013 at 1:19 PM, Niklas Hambüchen
On 03/11/13 17:49, Scott Lawrence wrote:
Even if you do expose the private key to other people, there's no way for them to know that the administrator didn't also send it somewhere else -- you can't prove that somebody hasn't duplicated information, without making sure they don't have access to the information (which the admin must).
At the end of the day, trusting admins is what almost always happens. The other route is for packages to be individually signed by developers. As I recall, that's been explicitly discussed and informally rejected here before, on the grounds that it makes the uploading process significantly more cumbersome for many people.
It is clear that putting HTTPS on the Hackage web site is the first step.
Then comes cabal SSL support, and then maybe in the future the package signing.
Once again, could we please just go ahead and push forward that the SSL certificate gets on the web server?
As Jason Dagit said:
We do have folks assigned to putting the cert in place and configuring everything, they just need a bit more time (More volunteers would help too, but that's longer term.)
Who are the folks, and what needs more time?
There seem to be a lot of volunteers around who would like to help (for example, I have asked for this multiple times over the last years and this thread shows that there are many more people interested in it). _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe