Jochem Berndsen schrieb:

...

On Sun, Nov 01, 2009 at 07:58:00AM -0600, Thomas Hartman wrote:

...

http://hackage.haskell.org

Hackage is down currently, I am seeding the torrent by mauke from IRC on http://mauke.ath.cx/tmp/2009-10-19-hackage-archive.torrent

Cool, is this the beginning of distributed Hackage? Still needs support in 'cabal-install'.

+ Distributed hackage is DHT network.

A DHT has been discussed before on IRC, glad to hear more people voicing the thought.

+ Everything is PGP-signed.

Yes, that would certainly be needed and also came up in our discussion.

+ Everyone can push package into network, everyone can rate package (malicious / SPAM / unstable / stable / etc).

No no no! Why not download the normal (signed) cabal list from the DHT (and optionally directly from hackage.haskell.org)? These are all the packages that would appear on the website. Why serve any other content? All nodes in the DHT may check and make sure the file (or fragment) being served is properly signed. Any desire for popularity or tagging capability should be separate.

+ User maintains list of trusted people's open keys, in order to validate authenticity and see trusted ratings.

This would need further explanation, but in general I'm against requiring user interaction on this level. Thomas

Opportunity cost minimization problem:

...

No no no! Why not download the normal (signed) cabal list from the DHT (and optionally directly from hackage.haskell.org)? These are all the packages that would appear on the website. Why serve any other content? All nodes in the DHT may check and make sure the file (or fragment) being served is properly signed.

Any desire for popularity or tagging capability should be separate.

Because single single hackage private key can be bruteforsed or stolen far easier than lots and lots keys of random people.

...

...

+ User maintains list of trusted people's open keys, in order to validate authenticity and see trusted ratings.

This would need further explanation, but in general I'm against requiring user interaction on this level. You choose who's moderating packages for you. Some well-known community moderators and your trusted friends. If no one rated package yet, then you download and rate, so people who trust you can make decision based on your rate. Kind of social network.

In short, P2P introduces non-determinism. Non-determinism is natural law and otherwise order is not permanent (e.g. ends in non-composability, errors, vulnerabilities, etc): http://www.haskell.org/pipermail/haskell-cafe/2009-November/068432.html What is needed is some way to set up upper bound to the level of non-determinism in some useful domain: http://www.haskell.org/pipermail/haskell-cafe/2009-October/068382.html (space determinism in Haskell) Which are really opportunity cost minimizations: http://forum.bittorrent.org/viewtopic.php?id=28 (my architectural comments about BitTorrent free loading) http://goldwetrust.up-with.com/technology-f8/computers-t112-15.htm#2189 (long winded, not so coherent brainstorming)

I'd say, community -> dcoutts, Igloo, ijones@galois.com hackage.haskell.org/darcs.haskell.org -> {dons,heinelein}@galois.com ndmitchell:

For future reference, if Hackage or community is down where should that be reported to?

On Sun, Nov 1, 2009 at 7:01 PM, Don Stewart wrote:

...

This has been reported to the sysadmins.

tphyahoo:

...

http://hackage.haskell.org _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe

---

Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe