[Hackage] #239: security hole: anyone can replace a package

Hackage trac at galois.com
Wed Feb 20 11:13:20 EST 2008

#239: security hole: anyone can replace a package
  Reporter:  guest              |        Owner:        
      Type:  defect             |       Status:  closed
  Priority:  normal             |    Milestone:        
 Component:  HackageDB website  |      Version:        
  Severity:  normal             |   Resolution:  fixed 
  Keywords:                     |   Difficulty:  normal
Ghcversion:  6.8.2              |     Platform:        
Changes (by ross at soi.city.ac.uk):

  * status:  new => closed
  * resolution:  => fixed


 Package pages now show who uploaded and when.  The upload page now
 contains a warning that re-uploading is about to disappear.  I think that
 covers the concrete suggestions in the original report, and we don't have
 consensus for stronger enforcement.  I've created ticket #243 for Ian's
 suggestion of notification emails.

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/239#comment:8>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list