@hackage / hackage-security

Hackage security library

Latest0.6.3.3

About

Metadata

  • Last updated , by MikolajKonarski
  • License BSD-3-Clause
  • Categories Package Distribution

  • Maintained by: cabal-devel@haskell.org

  • Lottery factor: 4

Links

Installation

Tested Compilers

  1. 9.10.3
  2. 9.8.4
  3. 9.6.7
  4. 9.4.8
  5. 9.2.8
  6. 9.0.2
  7. 8.10.7
  8. 8.8.4
  9. 8.6.5
  10. 8.4.4

Package Flags

Use the -f option with cabal commands to enable flags

    cabal-syntax (off by default)

    Are we using Cabal-syntax?

Readme

The hackage security library provides both server and client utilities for securing the Hackage package server (https://hackage.haskell.org/). It is based on The Update Framework (https://theupdateframework.com/), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (https://www.torproject.org/).

The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing.

The library has two main entry points: Hackage.Security.Client is the main entry point for clients (the typical example being cabal), and Hackage.Security.Server is the main entry point for servers (the typical example being hackage-server).