[Hackage] #214: Package security
Neil Mitchell
ndmitchell at gmail.com
Wed May 21 10:16:01 EDT 2008
Hi Marc,
> I don't have an account yet so I can't answer on trac, can I?
Username: guest
Password: haskell'
> And he told me he has already implemented a kind of strace tool.
> One way would be: Use a kind of sandbox/observation and build the package
> once on hackage. If it doesn't try to rm -fr ${HOMe} it's considered
> being safe and everyone can download it. If it tries to do such stupid
> things (and making connections to somewhere else should be considered
> stupid) it could be marked as malicious.
If you make it harder to do this, you are really just encouraging
people to be more creative. If you leave a box on a table, everyone
will leave it alone. If you lock the box, you are just encouraging
people to test their lock picking skills.
Thanks
Neil