hackage-security: Hackage security library

This is a package candidate release! Here you can preview how this package release will appear once published to the main package index (which can be accomplished via the 'maintain' link below). Please note that once a package has been published to the main package index it cannot be undone! Please consult the package uploading documentation for more information.

[maintain] [Publish]

The hackage security library provides both server and client utilities for securing the Hackage package server (http://hackage.haskell.org/). It is based on The Update Framework (http://theupdateframework.com/), a set of recommendations developed by security researchers at various universities in the US as well as developers on the Tor project (https://www.torproject.org/).

The current implementation supports only index signing, thereby enabling untrusted mirrors. It does not yet provide facilities for author package signing.

The library has two main entry points: Hackage.Security.Client is the main entry point for clients (the typical example being cabal), and Hackage.Security.Server is the main entry point for servers (the typical example being hackage-server).

Properties

Versions	0.1.0.0, 0.2.0.0, 0.3.0.0, 0.5.0.0, 0.5.0.1, 0.5.0.2, 0.5.1.0, 0.5.2.0, 0.5.2.1, 0.5.2.2, 0.5.3.0, 0.6.0.0, 0.6.0.0, 0.6.0.1, 0.6.1.0, 0.6.2.0, 0.6.2.1, 0.6.2.2, 0.6.2.3, 0.6.2.4, 0.6.2.5, 0.6.2.6
Change log	ChangeLog.md
Dependencies	base (>=4.5 && <4.14), base16-bytestring (>=0.1.1 && <0.2), base64-bytestring (>=1.0 && <1.1), bytestring (>=0.9 && <0.11), Cabal (>=1.14 && <1.26 \|\| >=2.0 && <2.6 \|\| >=3.0 && <3.2), containers (>=0.4 && <0.7), cryptohash-sha256 (>=0.11 && <0.12), directory (>=1.1.0.2 && <1.4), ed25519 (>=0.0 && <0.1), filepath (>=1.2 && <1.5), ghc-prim, lukko (>=0.1 && <0.2), mtl (>=2.1 && <2.3), mtl-compat (>=0.2 && <0.3), network (>=2.5 && <2.9 \|\| >=3.0 && <3.2), network-uri (>=2.6 && <2.7), old-locale (>=1.0 && <1.1), old-time (>=1 && <1.2), parsec (>=3.1 && <3.2), pretty (>=1.0 && <1.2), tar (>=0.5 && <0.6), template-haskell, time (>=1.2 && <1.10), transformers (>=0.3 && <0.6), zlib (>=0.5 && <0.7) [details]
License	BSD-3-Clause
Copyright	Copyright 2015-2016 Well-Typed LLP
Author	Edsko de Vries
Maintainer	cabal-devel@haskell.org
Category	Distribution
Home page	https://github.com/haskell/hackage-security
Bug tracker	https://github.com/haskell/hackage-security/issues
Source repo	head: git clone https://github.com/haskell/hackage-security.git
Uploaded	by HerbertValerioRiedel at 2019-11-28T23:26:10Z

Modules

[Index] [Quick Jump]

Flags

Manual Flags

Name	Description	Default
lukko	Use `lukko` for file-locking, otherwise use `GHC.IO.Handle.Lock`	Enabled

Automatic Flags

Name	Description	Default
base48	Are we using `base` 4.8 or later?	Enabled
use-network-uri	Are we using `network-uri`?	Enabled
old-directory	Use `directory` < 1.2 and `old-time`	Disabled
mtl21	Use `mtl` < 2.2 and `mtl-compat`	Disabled

Use -f <flag> to enable a flag, or -f -<flag> to disable that flag. More info

Downloads

hackage-security-0.6.0.0.tar.gz [browse] (Cabal source package)
Package description (as included in the package)

Maintainer's Corner

Package maintainers

AndreasAbel, DuncanCoutts, EdskoDeVries, HerbertValerioRiedel, MikolajKonarski

For package maintainers and hackage trustees

edit package information