Hello Isaac, Tuesday, May 10, 2005, 9:21:15 PM, you wrote: IJ> I'm working with Lemmih on the designs for Hackage and Cabal-Get. IJ> He's a real trooper, since I'm a total "customer" and have hardly IJ> written a line of code for these tools, but keep coming up with new IJ> requirements. how about taking Perl's CPAN and Ruby's Yaraa for a model? IJ> The basic interaction we would like is this: IJ> 1) upload a tarball of a cabal-ized tool to the web site IJ> 2) the tarball gets unpacked, the .cabal file is read and added to the IJ> database IJ> 3) Now, an end user can say "cabal-get pkgname" and it'll download IJ> pkgname and all of its build-depends, compile and install them. Use IJ> the --user flag if you want to install it all locally. Yay! IJ> This actually already works :) i think, that many packages authors will prefer to hold archives on their own sites. and imho hackage must provide ability to just send description (package.cabal) to main site, in this case this file must include exact url to download full package. also .cabal file must include "home page" of package and email address of author IJ> The big problem actually is that this is in no way secure, and just IJ> begging to be exploited. Boo. imho best way to deal with this problem is "reserving" package names with password. after that, to change any information belonging to package, password must be supplied IJ> 1) Generate a gnupg key. preferably get it signed by someone in my web IJ> of trust (I'll try to organize a keysigning party at ICFP). yes, yes, we can also use our personal FBI numbers. anyway, someone not working in FBI can't be a good Haskeller :) -- Best regards, Bulat mailto:bulatz@HotPOP.com