<span>I feel that this is the wrong direction to take and will add more burden on people that we shouldn't be adding additional burden to. It's also the wrong "optics".</span><div><span><br></span></div><div><span>I just had a quick squizz at Hackage with a simple PR you'll be able to remove the incentives for this behaviour.</span><div><br></div><div>Add "nofollow" to any links supplied by the user or that are rendered as part of parsing user input.</div><div><br></div><div><a href="https://support.google.com/webmasters/answer/96569?hl=en">https://support.google.com/webmasters/answer/96569?hl=en</a><br></div><div><br></div><div>The .NET ecosystem recently went through these same notions for the same reasons - here's the PR </div><div><br></div><div><a href="https://github.com/NuGet/NuGetGallery/pull/4841/files">https://github.com/NuGet/NuGetGallery/pull/4841/files</a><br></div><div><br><div class="gmail_quote"><div dir="ltr">On Fri., 23 Feb. 2018, 10:38 am Matthias Kilian, <<a href="mailto:kili@outback.escape.de">kili@outback.escape.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
On Thu, Feb 22, 2018 at 05:54:33PM -0500, Gershom B wrote:<br>
> In the meantime, as a short term measure, we have changed new account<br>
> registration policies on hackage.<br>
><br>
> Users can still register as before, but new users do _not_ have upload<br>
> rights until they explicitly request them and are granted them by a<br>
> human being.<br>
><br>
> (This is actually how we had configured hackage to work on initial<br>
> deployment -- we loosened things up for some years as the extra step<br>
> seemed unnecessary).<br>
<br>
Does this mean that before the todays change, anyone (or anything)<br>
could register and upload packages without any review and without<br>
any acknowledgement for trustfulness by another person? Does it<br>
maen that one can't trust *any* package on <a href="http://hackage.haskell.org" rel="noreferrer" target="_blank">hackage.haskell.org</a> at<br>
least a little bit (based on trust between acknowledging persons<br>
and reputation) without reviewing the package's source code?<br>
<br>
Ciao,<br>
Kili<br>
_______________________________________________<br>
Haskell mailing list<br>
<a href="mailto:Haskell@haskell.org" target="_blank">Haskell@haskell.org</a><br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/haskell</a><br>
</blockquote></div></div></div>