hackage-security is an effort to bring security to the cabal environment. It is based on The Update Framework (TUF) that has been inspired by tor's built-in software upgrade system. TUF is an implementation-independent spec backed by a number of scientific publications and a reference implementation in python. hackage-security is an effort to implement TUF for hackage/cabal, and has lead to a few improvements and clarifications in the standard on the way.
- Link hackage-server against hackage-security and deliver cryptographically hardened package index and hashes. A toy cabal-install that comes with hackage-security can be used to test this, so there is no need to touch cabal-install.
- Link cabal-install against hackage-security and secure package download and installation. (A tool for running secure local hackage repositories comes with hackage-security, so there is no eneed to touch hackage-server.)
- Add support for cryptographic credentials to cabal config parser.
- hackage-server comes with a mirroring tool (MirrorClient.hs) for keeping to hackage servers in sync. Re-write the download and/or upload part so it provides TUF security guarantees for the mirror and its users.
An introduction to hackage-security (slightly outdated, but links to further reading):