[Haskell-cafe] Offer to mirror Hackage

[Brandon Moore]

On Dec 13, 2010, at 6:15 PM, wren ng thornton <wren at freegeek.org> wrote:

On 12/13/10 8:25 AM, Paul Sargent wrote:
How about, as a cheep and cheerful method to get up running. If the premise
is that the original server is trustworthy and the mirrors aren't, then:

1) Hash all packages on the original server.
2) Hash goes into a side car file (e.g.<packagename>.sha) that lives next
to the package


If hashed are added to the package information "cabal update" downloads, installing packages from mirrors will continue to work during a central outage.

I still contend that we shouldn't have to trust the central server either. The hash can be created alongside the sdist on the maintainer's computer, and then both are uploaded to central. Thus, the maintainer can verify that the hash on central matches their own, which ensures that:

For now, it's enough to find a simple scheme where adding untrusted mirrors is no worse than the current situation. Hashes seem to work for that:
1. cabal update always reads from the central server (if uploads are impossible when the central server is down, the package lit won't even get stale)
2. The package descriptions are extended with hashes
3. Cabal may download packages from mirrors, but checks the hash.

Your proposal doesn't narrow trust to the maintainers (which is currently open to the public anyway), because an adversary as described could return the correct hash and package for the maintainer, and the corrupted version to others.

Brandon