
On 01/30/2013 08:27 PM, Edward Z. Yang wrote:
> https://status.heroku.com/incidents/489
> Unsigned Hackage packages are a ticking time bomb.

Somewhere else that shall not be mentioned, someone posted this link which points to an interesting solution to this problem:

http://www.futurealoof.com/posts/nodemodules-in-git.html

It requires a little basic knowledge of the Node Package Manager to understand. Here's a little summary that should make it easier to understand for people who are not familiar with NodeJS:

The Node Package Manager (npm) is the Node JS equivalent of cabal-install(*). When you install a module (think Haskell package off Hackage) using "npm", it installs into a directory called "node_modules" in the project's directory instead of installing into a global name space.

When a NodeJS program imports a required module, it is first looked up in the "node_modules" directory _before_ looking in the global package database. Since modules *are* their source, you can check all of this into the revision control system of your choice.

It seems to me that "cabal install" could do something very similar to solve many of the "cabal hell" and potential security issues when users blindly do "cabal install".

(*) Yeah, yeah, not a package manager. In practice it's being used as one, so...