<div dir="ltr"><br><br><div class="gmail_quote">On Wed, Apr 15, 2015 at 9:14 AM Gershom B &lt;<a href="mailto:gershomb@gmail.com">gershomb@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On April 15, 2015 at 1:57:07 AM, Michael Snoyman (<a href="mailto:michael@snoyman.com" target="_blank">michael@snoyman.com</a>) wrote:<br>
> I'm not intimately familiar with the Hackage API, so I can't give a<br>
> point-by-point description of what information is and is not auditable.<br>
<br>
Okay, then why did you write "There's a lot of stuff going on inside of Hackage which we have no insight into or control over."?<br>
<br>
I would very much like to have a clarifying discussion, as you are gesturing towards some issue we should think about. But it is difficult when you make broad claims, and are not able to explain what they mean.<br>
<br>
Cheers,<br>
Gershom<br></blockquote><div><br></div><div>I think you're reading too much into my claims, and specifically on the unimportant aspects of them. I can clarify these points, but I think drilling down deeper is a waste of time. To answer this specific question:</div><div><br></div><div>* There's no clarity on *why* a change was approved. I see that person X uploaded a revision, but why was person X allowed to do so?</div><div>* I know of no way to see the history of authorization rules.</div><div> * Was JohnDoe always a maintainer of foobar, or was that added at some point?</div><div> * Who added this person as a maintainer?</div><div> * Who gave this other person trustee power? Who took it away?</div><div><br></div><div>All of these things would come for free with an open system where authorization rules are required to be encoded in a freely viewable file, and signatures are used to verify the data.</div><div><br></div><div>And to be clear, to make sure no one thinks I'm saying otherwise: I don't think Hackage has done anything wrong by approaching things the way it has until now. I probably would have come up with a very similar system. I'm talking about new functionality and requirements that weren't stated for the original system. Don't take this as "Hackage is bad," but rather, "time to batten down the hatches."</div><div><br></div><div>Michael</div></div></div>
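The kind of audit asked for in the message above, as an added example that is not from the thread or from Hackage: a publicly readable log of signed authorization entries is replayed so that every upload can be traced to the grant that permitted it. The entry format, the rule that trustees and existing maintainers may add maintainers, the names root and mallory, and the choice of Ed25519 through Node's crypto module are all assumptions.

```javascript
const nodeCrypto = require('crypto');

// Constructed identities: JohnDoe is the email's placeholder; root and mallory are invented.
// A real deployment would publish only the public halves of these key pairs.
const keys = new Map();
for (const who of ['root', 'JohnDoe', 'mallory']) {
  keys.set(who, nodeCrypto.generateKeyPairSync('ed25519'));
}

// Bytes covered by the signature: every field except the signature itself.
function payload(e) {
  return Buffer.from(JSON.stringify([e.seq, e.signer, e.action, e.pkg, e.subject]));
}
function signEntry(e) {
  return { ...e, sig: nodeCrypto.sign(null, payload(e), keys.get(e.signer).privateKey) };
}

// Replay the log in order. An entry takes effect only if its signature verifies
// and the signer already held the required right when the entry was written.
function replay(log, trustees) {
  const maintainers = new Map(); // "pkg/user" -> seq of the entry that granted it
  const audit = [];
  for (const e of log) {
    const signerKey = keys.get(e.signer);
    const sigOk = signerKey !== undefined &&
      nodeCrypto.verify(null, payload(e), signerKey.publicKey, e.sig);
    let accepted = false, reason = 'bad signature';
    if (sigOk) {
      const grant = maintainers.get(`${e.pkg}/${e.signer}`);
      const byTrustee = e.action === 'add-maintainer' && trustees.includes(e.signer);
      accepted = grant !== undefined || byTrustee;
      reason = grant !== undefined ? `maintainer since entry ${grant}`
        : byTrustee ? 'trustee' : 'signer not authorized';
    }
    if (accepted && e.action === 'add-maintainer') maintainers.set(`${e.pkg}/${e.subject}`, e.seq);
    audit.push({ seq: e.seq, accepted, reason });
  }
  return audit;
}

// Constructed log: a grant, an authorized upload, an unauthorized upload, and
// an entry whose signature was made over different content.
function sampleAudit() {
  const log = [
    signEntry({ seq: 1, signer: 'root', action: 'add-maintainer', pkg: 'foobar', subject: 'JohnDoe' }),
    signEntry({ seq: 2, signer: 'JohnDoe', action: 'upload-revision', pkg: 'foobar', subject: 'foobar-1.0-r1' }),
    signEntry({ seq: 3, signer: 'mallory', action: 'upload-revision', pkg: 'foobar', subject: 'foobar-1.0-r2' }),
  ];
  log.push({ seq: 4, signer: 'root', action: 'add-maintainer', pkg: 'foobar', subject: 'mallory', sig: log[0].sig });
  return replay(log, ['root']);
}
```

Each audit record answers "why was person X allowed to do so?" by naming the earlier entry, or the trustee role, that authorized the signer.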