[Hackage] #214: Package security
Hackage
trac at galois.com
Tue May 20 15:33:09 EDT 2008
#214: Package security
----------------------------+-----------------------------------------------
Reporter: duncan | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: miscellaneous | Version: 1.2.3.0
Severity: normal | Resolution:
Keywords: | Difficulty: project(> week)
Ghcversion: 6.8.2 | Platform:
----------------------------+-----------------------------------------------
Comment (by ross):
Replying to [comment:12 guest]:
> Replying to [comment:9 myself]:
> > Password protecting packages as discussed on the libraries list
>
> Actually I liked the idea of limiting the uploaders of packages better,
> because it has a smaller impact on the authors' workflow, and paves the
> way for trusting packages by their base name (which is what
> {{{cabal-install}}} uses to find packages.)

I suspect that Bulat, who proposed that, didn't realize that we have
password authentication for users.

There may be an inevitable logic to what you say. Still, there's only
been one case so far of someone overwriting a package, and that wouldn't
have happened if we had had a policy on display. Almost all of the
problems so far have been with the first upload (by a non-maintainer), and
this machinery wouldn't help there, but would make it worse.
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:13>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects