[Haskell-cafe] Ticking time bomb
Alexander Kjeldaas
alexander.kjeldaas at gmail.com
Thu Jan 31 13:28:05 CET 2013
On Thu, Jan 31, 2013 at 12:53 PM, Ketil Malde <ketil at malde.org> wrote:
>
> Ertugrul Söylemez <es at ertes.de> writes:
>
> > And that may even be more harmful, because an insecure system with a
> > false sense of security is worse than an insecure system alone.
>
> Yes. As is clear to all, the current low level of security means that
> nobody are _actually_ downloading stuff of Hackage, thank God. Hackage
> just exists for...well, I forget, but certainly not to distribute
> software. Right.
>
> Sarcasm aside, to some extent, this is true. I used to have a cron job
> 'cabal install'ing my packages off Hackage to ensure that they would
> compile with the current offering of their dependencies. But I decided
> it was way too risky, and don't do it anymore.
>
> > Let's do it properly.
>
> You mean like how it was decisively dealt with when this was discussed
> in 2008?
>
> https://github.com/haskell/cabal/issues/207
>
> Or maybe more the way it was firmly handled when it was brought up again
> in 2010?
>
> http://www.haskell.org/pipermail/haskell-cafe/2010-December/087050.html
>
> This looks increasingly like that time of year when the problem is
> pointed out, the crypto geeks get together to construct the Optimal
> Solution, and then everybody lose interest and move on to greener
> pastures for a while. Well, I don't think the perfect solution exists,
> and even if
> it could be identified, it might not be implemented, and even if
> were implemented, it might not be used.
>
>
Hehe.. hard to argue against history! :-)
Alexander
> We've just been incredibly lucky that nothing really bad has happened so
> far. Let's hope it lasts.
>
> -k
> --
> If I haven't seen further, it is by standing in the footprints of giants
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20130131/74877432/attachment.htm>
More information about the Haskell-Cafe
mailing list