<div dir="ltr"><div>If typo-squatting is a thing, they should be done against existing packages, not for non-existing ones... I don't think it should prevent uploading an innocent package anyway.</div><div><br></div><div>Btw there are way more confusing ones, like promise vs. promises, future vs. futures...<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">2021年12月9日(木) 6:59 David Feuer <<a href="mailto:david.feuer@gmail.com">david.feuer@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">How are the trustees to know whether someone "deserves" to take a security sensitive name? And "typos" can often be intentional when two packages each deserve similar names. I think it's reasonable for trustees to step in if a name is actually abused, but I don't support squatting.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 8, 2021, 4:53 PM Carter Schonwald <<a href="mailto:carter.schonwald@gmail.com" target="_blank">carter.schonwald@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Yeah. Typo squatting is or case squatting in helping preventing weird security / bug issues sounds sane to me </div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Dec 8, 2021 at 3:00 PM Jon Purdy <<a href="mailto:evincarofautumn@gmail.com" rel="noreferrer" target="_blank">evincarofautumn@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><br></div>On Fri, Dec 3, 2021 at 6:34 AM Fumiaki Kinoshita <<a href="mailto:fumiexcel@gmail.com" rel="noreferrer" target="_blank">fumiexcel@gmail.com</a>> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Looking at other "reserved package names in the list, "all", "project", "test" are understandable but it's hard to think of any reason why oath should be reserved.<br></div></blockquote><div><br></div><div>When I first saw this thread, I guessed that it was reserved to prevent typosquatting for “oauth” (<a href="https://en.wikipedia.org/wiki/OAuth" rel="noreferrer" target="_blank">OAuth</a>).</div><div><br></div></div></div>
_______________________________________________<br>
Libraries mailing list<br>
<a href="mailto:Libraries@haskell.org" rel="noreferrer" target="_blank">Libraries@haskell.org</a><br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries" rel="noreferrer noreferrer" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries</a><br>
</blockquote></div></div>
_______________________________________________<br>
Libraries mailing list<br>
<a href="mailto:Libraries@haskell.org" rel="noreferrer" target="_blank">Libraries@haskell.org</a><br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries" rel="noreferrer noreferrer" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries</a><br>
</blockquote></div>
_______________________________________________<br>
Libraries mailing list<br>
<a href="mailto:Libraries@haskell.org" target="_blank">Libraries@haskell.org</a><br>
<a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries" rel="noreferrer" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries</a><br>
</blockquote></div>