[Hackage] #214: Package security
Hackage
trac at galois.com
Tue May 20 06:47:56 EDT 2008
#214: Package security
----------------------------+-----------------------------------------------
Reporter: duncan | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: miscellaneous | Version: 1.2.3.0
Severity: normal | Resolution:
Keywords: | Difficulty: project(> week)
Ghcversion: 6.8.2 | Platform:
----------------------------+-----------------------------------------------
Comment (by duncan):
I accept that it's bad to be able to subvert an existing named package
that has people's trust. #239 is now fixed. I agree that we want a system
to let package authors limit who else should be allowed to upload their
package.
Linking authors to what else they have uploaded is also a good idea.
My point was about a new package that someone uploaded as in the recent
demo and that that's not so much of a problem precisely because its new.
We expect people to download packages they know of or have had
recommended, not random packages.
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:9>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects
More information about the cabal-devel
mailing list