[Hackage] #214: Package security

Hackage trac at galois.com
Tue May 20 14:31:40 EDT 2008

#214: Package security
  Reporter:  duncan         |        Owner:                 
      Type:  task           |       Status:  new            
  Priority:  normal         |    Milestone:                 
 Component:  miscellaneous  |      Version:        
  Severity:  normal         |   Resolution:                 
  Keywords:                 |   Difficulty:  project(> week)
Ghcversion:  6.8.2          |     Platform:                 
Comment (by guest):

 Replying to [comment:9 myself]:
 > Password protecting packages as discussed on the libraries list

 Actually I liked the idea of limiting the uploaders of packages better,
 because it has a smaller impact on the authors' workflow, and paves the
 way for trusting packages by their base name (which is what {{{cabal-
 install}}} uses to find packages.)

 In a way it's similar to what CPAN does. They force their authors to
 register the namespace they are going to use, and their package names are
 tied to the namespace. (http://www.cpan.org/modules/04pause.html) They
 also have co-maintainers for packages, and they require admin intervention
 for taking over orphaned packages.
 (http://www.nntp.perl.org/group/perl.cvs.perlfaq/2007/07/msg393.html) -

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:12>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list