Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Synopsis
- queryBootstrapMirrors :: Verbosity -> URI -> IO [URI]
Documentation
queryBootstrapMirrors :: Verbosity -> URI -> IO [URI] Source #
Try to lookup RFC1464-encoded mirror urls for a Hackage
repository url by performing a DNS TXT lookup on the
_mirrors.
-prefixed URL hostname.
Example: for http://hackage.haskell.org/
perform a DNS TXT query for the hostname
_mirrors.hackage.haskell.org
which may look like e.g.
_mirrors.hackage.haskell.org. 300 IN TXT "0.urlbase=http://hackage.fpcomplete.com/" "1.urlbase=http://objects-us-west-1.dream.io/hackage-mirror/"
NB: hackage-security doesn't require DNS lookups being trustworthy,
as the trust is established via the cryptographically signed TUF
meta-data that is retrieved from the resolved Hackage repository.
Moreover, we already have to protect against a compromised
hackage.haskell.org
DNS entry, so an the additional
_mirrors.hackage.haskell.org
DNS entry in the same SOA doesn't
constitute a significant new attack vector anyway.