summaryrefslogtreecommitdiff
blob: 4a4ad2a438d2761820c679575a82197a391430d2 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
<pkgmetadata>
	<maintainer type="project">
		<email>haskell@gentoo.org</email>
		<name>Gentoo Haskell</name>
	</maintainer>
	<use>
		<flag name="use-network-uri">Get Network.URI from the network-uri package.</flag>
		<flag name="network-uri">Get Network.URI from the network-uri package.</flag>
	</use>
	<longdescription>
		The hackage security library provides both server and
		client utilities for securing the Hackage package server
		(&lt;http://hackage.haskell.org/&gt;).  It is based on The Update
		Framework (&lt;http://theupdateframework.com/&gt;), a set of
		recommendations developed by security researchers at
		various universities in the US as well as developers on the
		Tor project (&lt;https://www.torproject.org/&gt;).
		
		The current implementation supports only index signing,
		thereby enabling untrusted mirrors. It does not yet provide
		facilities for author package signing.
		
		The library has two main entry points:
		"Hackage.Security.Client" is the main entry point for
		clients (the typical example being @cabal@), and
		"Hackage.Security.Server" is the main entry point for
		servers (the typical example being @hackage-server@).
		
		This is a beta release.
	</longdescription>
	<upstream>
		<remote-id type="github">well-typed/hackage-security</remote-id>
	</upstream>
</pkgmetadata>