On Thu, Jan 31, 2013 at 9:26 AM, Vincent Hanquez <tab@snarc.org> wrote:

On 01/31/2013 06:27 AM, Ertugrul Söylemez wrote:

In any case there is no valid excuse for the lack of crypto. It's too
easy to attack Hackage, so we need some crypto regardless of what we
interpret it as.

My proposal is:

1. Build the necessary machinery into Cabal to allow signing keys and
packages and verifying the signatures, ideally through GnuPG.
Cabal would benefit from that even without cabal-install and
Hackage.

Seems there's lots of suggestion of using gnupg, which is a perfectly valid answer if cabal was unix only, but i'm not sure it's a valid option considering windows. Sure you can install gnupg somehow, but sounds to me it's going the same problem as gtk2hs on windows.

One better way, would be to tap in the 2, work in progress, gnupg haskell replacement:

http://hackage.haskell.org/package/openpgp
http://hackage.haskell.org/package/hOpenPGP

AFAIK, both packages are not yet handling anything related to WoT, but just do the signing/verification (which is same status as my ad-hoc experiment)

In this case I think this is the wrong approach. There must be at least one way to work within a trust model that is not fragile. Whether this is fully supported on all platforms is actually not very important.

I have pointed out why simply signing packages is fragile and how git is better suited for this task. We are not going to reimplement all the good infrastructure that already exists (gpg, git), so making that a requirement is not a good idea IMO.

Basic verification of signatures should work on Windows, I agree. But the underlying WoT should be a little bit more sophisticated. This means it has to be based on standard tools, or it will never happen.

Alexander

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe