ghc-hackage-security

Hackage security library

The hackage security library provides both server and client utilities for securing the Hackage package server (<<a href="https://hackage.haskell.org/>">https://hackage.haskell.org/></a> ). It is based on The Update Framework (<<a href="https://theupdateframework.com/>">https://theupdateframework.com/></a> ), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (<<a href="https://www.torproject.org/>">https://www.torproject.org/></a> ). The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing. The library has two main entry points: "Hackage.Security.Client" is the main entry point for clients (the typical example being 'cabal'), and "Hackage.Security.Server" is the main entry point for servers (the typical example being 'hackage-server').