16 Apr
2015
16 Apr
'15
1:14 p.m.
Hi,
On 16 April 2015 at 11:33, Duncan Coutts
All,
The IHG members identified Hackage security as an important issue some time ago and myself and my colleague Austin have been working on a design and implementation.
The details are in this blog post:
http://www.well-typed.com/blog/2015/04/improving-hackage-security
Thank you, this is very exciting. But won't the post-release .cabal update feature interfere with "package index as an append-only log" concept? IIUC, right now it is implemented as a destructive update of the corresponding package index entry, so making the package index immutable will break backwards compatibility.