[Hackage] #239: security hole: anyone can replace a package

Hackage trac at galois.com
Thu Feb 14 08:34:47 EST 2008

#239: security hole: anyone can replace a package
  Reporter:  guest              |        Owner:        
      Type:  defect             |       Status:  new   
  Priority:  normal             |    Milestone:        
 Component:  HackageDB website  |      Version:        
  Severity:  normal             |   Resolution:        
  Keywords:                     |   Difficulty:  normal
Ghcversion:  6.8.2              |     Platform:        
Comment (by guest):

 The point of Malcolm's issue isn't uploading packages with the same
 version or not - that's irrelevant. It's someone who isn't the maintainer
 uploading the package - if they bump the version number they can still
 upload it. For what its worth, I want to upload packages with the same
 version, so please don't apply the rejecting patch. But I do want to stop
 anyone but me uploading packages for anything that I'm the maintainer of!

 -- Neil Mitchell

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/239#comment:3>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list