[Hackage] #214: Package security
Hackage
trac at galois.com
Tue May 20 07:06:35 EDT 2008
#214: Package security
----------------------------+-----------------------------------------------
Reporter: duncan | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: miscellaneous | Version: 1.2.3.0
Severity: normal | Resolution:
Keywords: | Difficulty: project(> week)
Ghcversion: 6.8.2 | Platform:
----------------------------+-----------------------------------------------
Comment (by guest):
I worry about the idea of providing "security" or some notion of safety or
trust only if one behaves "as expected". That seems slightly odd to me.
Secondly, there has to be a first person or a first five people that grab
the package to try it out and to give it its initial "rating". And those
five could be 500 if it's suitably advertised, an oft requested feature or
a popular idea. Try adding a package to Hackage that claims it adds a
dependently typed system to Haskell and watch the number of downloads! And
if such a package as that is trojaned... -- matthew
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:10>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects
More information about the cabal-devel
mailing list