[Hackage] #214: Package security
Hackage
trac at galois.com
Mon May 19 22:50:55 EDT 2008
#214: Package security
----------------------------+-----------------------------------------------
Reporter: duncan | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: miscellaneous | Version: 1.2.3.0
Severity: normal | Resolution:
Keywords: | Difficulty: project(> week)
Ghcversion: 6.8.2 | Platform:
----------------------------+-----------------------------------------------
Comment (by guest):
''As for users downloading bad packages, perhaps we should ask why they
might be more likely to download and run an unknown package from hackage
than say 132.73.41.22/hax0r.sh.''
I think {{{cabal install}}} is a fair answer to that question. Together
with #239 we have a real security problem, because it makes package names
untrustworthy. Password protecting packages as discussed on the libraries
list would help there. - int-e
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:7>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects