Define "superior"?

As argued in the proposal, the salient features are that by devolving practically everything to Git+GPG, we end up with less code to maintain in our tooling, less code to maintain in our infrastructure (namely hackage-server), a more reliable service, and a smaller chance of buggering up security related activities (such as signing and managing trust).

We're not introducing dependencies on dynamically linked system libraries that makes tooling hard to distribute. We're not asking users to install anything new that isn't already a staple of most developer desktops, and not asking users, Hackage trustees and Hackage admins to manage new identities with new key formats that aren't the existing ones they already have (namely GnuPG). Further, users can still opt-out of signature verification if they want to.

Compared to alternative approaches - there has been a proposal to get incremental updates à la Git differently by growing (potentially infinitely) the end of a tar file served by the server via HTTP. This means grabbing the history for new package revisions cannot be opted out from easily. With Git, you get this for free, since users can `git clone --depth=1` and still be able to do a `git pull` later and verify signatures. You further get the advantage of being able to directly mine the history of changes, using standard tools, something that can't be done directly on the tar file without more custom tooling (or post conversion to Git).

On 28 April 2015 at 23:33, Bardur Arantsson <spam@scientician.net> wrote:

On 28-04-2015 23:09, Mathieu Boespflug wrote:
> [removing erroneous haskell-cafe@googlegroups.com from To list.]

(I'm not the person you're responing to. From the mail-headers, I can't
see the person(s) you're responding to, but so be it.)

Do you have evidence that your approach is superior, and could you
please cite it? [Or, alternatively provide negative evidence for
$OTHER_APPROACH.])

Regards,

--
You received this message because you are subscribed to the Google Groups "Commercial Haskell" group.
To unsubscribe from this group and stop receiving emails from it, send an email to commercialhaskell+unsubscribe@googlegroups.com.
To post to this group, send email to commercialhaskell@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/commercialhaskell/mhouaf%24it2%241%40ger.gmane.org.

For more options, visit https://groups.google.com/d/optout.