[Hackage] #214: Package security

Hackage trac at galois.com
Tue May 20 15:33:09 EDT 2008

#214: Package security
  Reporter:  duncan         |        Owner:                 
      Type:  task           |       Status:  new            
  Priority:  normal         |    Milestone:                 
 Component:  miscellaneous  |      Version:        
  Severity:  normal         |   Resolution:                 
  Keywords:                 |   Difficulty:  project(> week)
Ghcversion:  6.8.2          |     Platform:                 
Comment (by ross):

 Replying to [comment:12 guest]:
 > Replying to [comment:9 myself]:
 > > Password protecting packages as discussed on the libraries list
 > Actually I liked the idea of limiting the uploaders of packages better,
 because it has a smaller impact on the authors' workflow, and paves the
 way for trusting packages by their base name (which is what {{{cabal-
 install}}} uses to find packages.)

 I suspect that Bulat, who proposed that, didn't realize that we have
 password authentication for users.

 There may be an inevitable logic to what you say.  Still, there's only
 been one case so far of someone overwriting a package, and that wouldn't
 have happened if we had had a policy on display.  Almost all of the
 problems so far have been with the first upload (by a non-maintainer), and
 this machinery wouldn't help there, but would make it worse.

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:13>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list