[Hackage] #214: Package security

Hackage trac at galois.com
Tue May 20 07:06:35 EDT 2008

#214: Package security
  Reporter:  duncan         |        Owner:                 
      Type:  task           |       Status:  new            
  Priority:  normal         |    Milestone:                 
 Component:  miscellaneous  |      Version:        
  Severity:  normal         |   Resolution:                 
  Keywords:                 |   Difficulty:  project(> week)
Ghcversion:  6.8.2          |     Platform:                 
Comment (by guest):

 I worry about the idea of providing "security" or some notion of safety or
 trust only if one behaves "as expected". That seems slightly odd to me.

 Secondly, there has to be a first person or a first five people that grab
 the package to try it out and to give it its initial "rating". And those
 five could be 500 if it's suitably advertised, an oft requested feature or
 a popular idea. Try adding a package to Hackage that claims it adds a
 dependently typed system to Haskell and watch the number of downloads! And
 if such a package as that is trojaned... -- matthew

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:10>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list