
Hello Isaac, Wednesday, May 11, 2005, 7:37:07 PM, you wrote:
IJ> Security is becoming ever more important, and the Haskell community is
IJ> growing, thereby increasing the currently remote possibility of deliberate
IJ> malware. Since installation via hackage will be both automatic, and often
IJ> performed with root access, it is essential to have a good security model
IJ> from the beginning.

I suggest a compromise variant: signing packages with gnupg, and including all the necessary functionality in hackage itself. Hackage must be able to generate a key and to automatically sign uploaded packages, so this will not require additional skills from package writers, just as nothing is currently required from packages' users.

Not every package writer is willing and able to master another complex program, in this case gnupg. And if Haskell's popularity grows, the percentage of such people among all package writers will grow. Look at me as an example :)

IJ> Since we will actually accept packages without signatures, I think
IJ> this isn't too bad of a problem. Users will get a warning if the key
IJ> is untrusted, and asked if they want to continue. Hopefully this will
IJ> present enough of a barrier for script-kiddies and an incentive for
IJ> packagers to get their keys signed.

The purpose of protecting packages is to ensure that the package we are downloading was uploaded by the author of the original version and no one else. Both schemes (simple password and gnupg) reach this goal.

Reliable identification of the package author matters only in some cases, and is absolutely not the point when packages are automatically downloaded as part of installing complex software.

But completely unprotected packages will be a real problem.

So, I think, attention must be moved to easing the generation of keys and auto-signing uploaded packages. If this is impossible, then we must use, I think, at least a simple password scheme for uploading unsigned packages. In any case, the hackage server must ensure that packages are not overwritten by non-authors.

-- 
Best regards,
 Bulat                            mailto:bulatz@HotPOP.com
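The upload and install policy discussed in this exchange (password-bound package ownership so non-authors cannot overwrite a package, the server auto-signing every accepted upload, and the client warning when a package is unsigned or its key is untrusted) modelled as an added Python example. This is not Hackage's code and not code posted by either participant; the `Server`, `client_install` and `demo` names are hypothetical, the sample package contents are constructed, and textbook RSA over fixed Mersenne primes stands in for GnuPG signatures so the whole thing runs offline.

```python
# Added example (not Hackage's code): toy model of the upload/install policy
# argued for in the message above. Textbook RSA over fixed Mersenne primes
# stands in for GnuPG detached signatures; it is NOT secure, only runnable.
import hashlib
import hmac
import os

E = 65537
M61, M89, M107, M127 = 2**61 - 1, 2**89 - 1, 2**107 - 1, 2**127 - 1  # known primes

def toy_keygen(p, q):
    """Textbook RSA key pair from two known primes (toy stand-in for gpg --gen-key)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))          # (public, private)

def fingerprint(pub):
    return hashlib.sha256(f"{pub[0]}:{pub[1]}".encode()).hexdigest()[:16]

def _rep(data):
    # 64-bit message representative, always below every toy modulus above.
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def sign(priv, data):
    n, d = priv
    return pow(_rep(data), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _rep(data)

class UploadRejected(Exception):
    pass

class Server:
    """Hypothetical hackage server: password-bound ownership plus auto-signing."""
    def __init__(self, server_priv):
        self.priv = server_priv
        self.owners = {}   # name -> (salt, pbkdf2 hash) of the first uploader's password
        self.store = {}    # (name, version) -> published record

    @staticmethod
    def _pw_hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def upload(self, name, version, contents, password, uploader_pub=None, uploader_sig=None):
        if name in self.owners:                  # only the registered owner may add versions
            salt, expected = self.owners[name]
            if not hmac.compare_digest(expected, self._pw_hash(password, salt)):
                raise UploadRejected(f"{name}: password does not match the registered owner")
        if (name, version) in self.store:        # published versions are never overwritten
            raise UploadRejected(f"{name}-{version}: already published")
        if uploader_sig is not None and not verify(uploader_pub, contents, uploader_sig):
            raise UploadRejected(f"{name}-{version}: uploader signature does not verify")
        if name not in self.owners:              # first upload claims the name
            salt = os.urandom(16)
            self.owners[name] = (salt, self._pw_hash(password, salt))
        record = {"contents": contents, "uploader_pub": uploader_pub,
                  "uploader_sig": uploader_sig,
                  "server_sig": sign(self.priv, contents)}   # auto-signed by the server
        self.store[(name, version)] = record
        return record

def client_install(record, server_pub, trusted_fprs, confirm):
    """Returns "ok", "ok-after-warning" or "refused"; confirm(reason) models the prompt."""
    contents = record["contents"]
    if not verify(server_pub, contents, record["server_sig"]):
        return "refused"                         # altered after the server signed it
    if record["uploader_sig"] is None:
        return "ok-after-warning" if confirm("package is unsigned") else "refused"
    pub = record["uploader_pub"]
    if not verify(pub, contents, record["uploader_sig"]):
        return "refused"
    if fingerprint(pub) in trusted_fprs:
        return "ok"
    return "ok-after-warning" if confirm(f"key {fingerprint(pub)} is not trusted") else "refused"

def demo():
    """Walks through the cases discussed in the thread; all inputs are constructed."""
    server_pub, server_priv = toy_keygen(M107, M127)
    author_pub, author_priv = toy_keygen(M61, M89)
    hackage = Server(server_priv)
    src = b"name: foo\nversion: 1.0\n"
    signed = hackage.upload("foo", "1.0", src, "s3cret", author_pub, sign(author_priv, src))
    unsigned = hackage.upload("foo", "1.1", src + b"-- no gpg\n", "s3cret")
    try:                                         # a stranger tries to take over the name
        hackage.upload("foo", "1.2", b"backdoored", "guess")
        hijacked = True
    except UploadRejected:
        hijacked = False
    tampered = dict(signed, contents=src + b"backdoor: yes\n")
    trust = {fingerprint(author_pub)}
    return {
        "hijacked": hijacked,
        "trusted": client_install(signed, server_pub, trust, lambda _: False),
        "untrusted_declined": client_install(signed, server_pub, set(), lambda _: False),
        "untrusted_accepted": client_install(signed, server_pub, set(), lambda _: True),
        "unsigned": client_install(unsigned, server_pub, trust, lambda _: True),
        "tampered": client_install(tampered, server_pub, trust, lambda _: True),
    }
```

The server signature is what makes the "unsigned packages are accepted" compromise tolerable: even an unsigned upload reaches the client with a signature from the server key, so tampering between server and client is caught, while the separate uploader signature only affects whether the user is warned. The password check is deliberately done before the name is registered, so a first-come claim on a name can never be displaced by a later upload with a different password.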
i suggest some compromise variant: signing packages with gnupg, and including all the necessary functionality in the hackage itself. hackage must be able to generate key and to automatically sign uploaded packages - so this will not require additional skills from package writer as currently don't require from package's users not every package writer are want and able to master another complex program - in this case, gnupg. and if Haskell popularity will grow, percent of such people among all package writers will grow. look at me as example :) IJ> Since we will actually accept packages without signatures, I think IJ> this isn't too bad of a problem. Users will get a warning if the key IJ> is untrusted, and asked if they want to continue. Hopefully this will IJ> present enough of a barrier for script-kiddies and an incentive for IJ> packagers to get their keys signed. the purpose of protecting packages is to ensure that package we downloading are uploaded by author of original version and noone else. Both schemes (simple password and gnupg) reaches this goal Reliable identification of package author matter only in some cases and absolutely not the point when packages are automatically downloaded as part of installing complex software But completely unprotected packages will be a real problem so, i think, that attention must be moved to easying of generating keys and autosigning uploaded packages. if this will be impossible, then we must use, i think, at least simple password scheme for uploading unsigned packages. in any way, hackage server must ensure that packages are not overwitten by non-authors -- Best regards, Bulat mailto:bulatz@HotPOP.com