[Hackage] #239: security hole: anyone can replace a package
Hackage
trac at galois.com
Wed Feb 20 11:13:20 EST 2008
#239: security hole: anyone can replace a package
--------------------------------+-------------------------------------------
Reporter: guest | Owner:
Type: defect | Status: closed
Priority: normal | Milestone:
Component: HackageDB website | Version:
Severity: normal | Resolution: fixed
Keywords: | Difficulty: normal
Ghcversion: 6.8.2 | Platform:
--------------------------------+-------------------------------------------
Changes (by ross at soi.city.ac.uk):
* status: new => closed
* resolution: => fixed
Comment:
Package pages now show who uploaded and when. The upload page now
contains a warning that re-uploading is about to disappear. I think that
covers the concrete suggestions in the original report, and we don't have
consensus for stronger enforcement. I've created ticket #243 for Ian's
suggestion of notification emails.
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/239#comment:8>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects
More information about the cabal-devel
mailing list