Re: [Haskell-cafe] Offer to mirror Hackage

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/7/10 08:07 , Ketil Malde wrote:

Dan Knapp writes:

...

I agree that signed packages are a good idea. We should move with all haste to implement them. But I'm not sure we want to hold up everything else while we wait for that.

IMO, mirroring is orthogonal to that, too.

Only if you consider security a minor or non-issue. I'm tempted to say anyone who believes that on the modern Internet is at best naïve. (Although admittedly security is one of my work foci.) - -- brandon s. allbery [linux,solaris,freebsd,perl] allbery@kf8nh.com system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu electrical and computer engineering, carnegie mellon university KF8NH -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkz+k3YACgkQIn7hlCsL25W7PACdHUuh5zaPZeBTprMvN+HcLslu VV0AoJVgmDbBZyZtcX57fGWkGeW2dT/3 =Gqlm -----END PGP SIGNATURE-----