[Hackage] #214: Package security

Hackage trac at galois.com
Tue May 20 06:47:56 EDT 2008

#214: Package security
  Reporter:  duncan         |        Owner:                 
      Type:  task           |       Status:  new            
  Priority:  normal         |    Milestone:                 
 Component:  miscellaneous  |      Version:        
  Severity:  normal         |   Resolution:                 
  Keywords:                 |   Difficulty:  project(> week)
Ghcversion:  6.8.2          |     Platform:                 
Comment (by duncan):

 I accept that it's bad to be able to subvert an existing named package
 that has people's trust. #239 is now fixed. I agree that we want a system
 to let package authors limit who else should be allowed to upload their

 Linking authors to what else they have uploaded is also a good idea.

 My point was about a new package that someone uploaded as in the recent
 demo and that that's not so much of a problem precisely because its new.
 We expect people to download packages they know of or have had
 recommended, not random packages.

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:9>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list