[Hackage] #239: security hole: anyone can replace a package

Hackage trac at galois.com
Thu Feb 14 07:07:44 EST 2008

#239: security hole: anyone can replace a package
  Reporter:  guest              |        Owner:        
      Type:  defect             |       Status:  new   
  Priority:  normal             |    Milestone:        
 Component:  HackageDB website  |      Version:        
  Severity:  normal             |   Resolution:        
  Keywords:                     |   Difficulty:  normal
Ghcversion:  6.8.2              |     Platform:        
Comment (by duncan):

 Replying to [comment:1 ross at soi.city.ac.uk]:
 > It used to reject repeat uploads, but people complained.

 What were the complaints? People are not satisfied with just uploading a
 new version? Is there something else that would satisfy them perhaps, like
 allowing hiding old/obsolete/broken versions in the web UI.

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/239#comment:2>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list