[Hackage] #239: security hole: anyone can replace a package
Hackage
trac at galois.com
Thu Feb 14 08:34:47 EST 2008
#239: security hole: anyone can replace a package
--------------------------------+-------------------------------------------
Reporter: guest | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: HackageDB website | Version:
Severity: normal | Resolution:
Keywords: | Difficulty: normal
Ghcversion: 6.8.2 | Platform:
--------------------------------+-------------------------------------------
Comment (by guest):
The point of Malcolm's issue isn't uploading packages with the same
version or not - that's irrelevant. It's someone who isn't the maintainer
uploading the package - if they bump the version number they can still
upload it. For what its worth, I want to upload packages with the same
version, so please don't apply the rejecting patch. But I do want to stop
anyone but me uploading packages for anything that I'm the maintainer of!
-- Neil Mitchell
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/239#comment:3>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects
More information about the cabal-devel
mailing list