On 17-04-2015 07:04, Michael Snoyman wrote:
https://groups.google.com/d/msg/commercialhaskell/PTbC0p_YFvk/8XqS8wDxgqEJ
Note that I never intended that list to be exhaustive at all! The point is to see if others have security concerns along these lines as well, seems to be the case.
Ok, that's fair enough. And: yes! :) FWIW, I think what people have been asking for is exactly *details*, so that the proposal can be evaluated properly. (I realize that this is a non-trivial amount of work.). For example, a good start would be to evaluate your strawman proposal against the TUF criteria and see where it needs to be fleshed out/beefed up, etc.
I've asked Duncan[1] about how TUF would address some specific concerns I raised (such as Hackage server being compromised), but I haven't heard a response. My guess is that TUF will ended up being a necessary but insufficient part of a solution here, but I unfortunately don't know enough about Well Typed's intended implementation to say more than that.
Michael
[1] Both in the mailing list and on Reddit: http://www.reddit.com/r/haskell/comments/32sezy/ongoing_work_to_improve_hack...
I'm reminded of SPJs usual request for a wiki page *with details* discussing pros/cons of all the proposals for new GHC features. Might it be time to start such a page? (Of course this is not meant to imply any particular *rush* per se, but this is obviously becoming a growing concern in the community.) Regards,