[Hackage] #911: Package uploading is completely unsecured
Hackage
cvs-ghc at haskell.org
Tue Feb 14 18:36:40 CET 2012
#911: Package uploading is completely unsecured
-------------------------------+--------------------------------------------
Reporter: bgamari | Owner:
Type: defect | Status: new
Priority: high | Milestone:
Component: Hackage 2 server | Version: 1.8.0.6
Severity: major | Keywords:
Difficulty: unknown | Ghcversion:
Platform: |
-------------------------------+--------------------------------------------
Comment(by AntoineLatter):
It's been a while since I tested this, but I think we already lock down
uploading to existing packages - the only thing un-restricted is uploading
new packages.
So part of this is still a problem.
I think at some point there was code to edit the list of 'uploaders' for a
package, but I don't know where that is now.
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/911#comment:2>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects
More information about the cabal-devel
mailing list