Bulat Ziganshin
Hello Isaac,
Wednesday, May 11, 2005, 7:37:07 PM, you wrote:
Security is becoming ever more important, and the Haskell community is growing, thereby increasing the currently remote possibility of deliberate malware. Since installation via hackage will be both automatic, and often performed with root access, it is essential to have a good security model from the beginning.
I suggest a compromise variant: signing packages with gnupg, and including all the necessary functionality in hackage itself. Hackage must be able to generate a key and to automatically sign uploaded packages, so this will not require additional skills from the package writer, just as it currently doesn't require them from the package's users.
Not every package writer is willing and able to master another complex program - in this case, gnupg. And if Haskell's popularity grows, the percentage of such people among all package writers will grow. Look at me as an example :)
I hope that cabal-put will cover details of how to use gnupg. It's not terribly hard to do the few things that cabal-put needs, but I hope it can automate them. Hackage will also sign the packages, but that's another part of the chain, and not sufficient. Packagers also have to sign their own packages.
So I think that attention must be moved to easing the generation of keys and the autosigning of uploaded packages. If this is impossible, then we must use, I think, at least a simple password scheme for uploading unsigned packages. In any case, the hackage server must ensure that packages are not overwritten by non-authors.
I agree. peace, isaac