[Hackage] #911: Package uploading is completely unsecured

Hackage cvs-ghc at haskell.org
Tue Feb 14 18:36:40 CET 2012

#911: Package uploading is completely unsecured
  Reporter:  bgamari           |        Owner:         
      Type:  defect            |       Status:  new    
  Priority:  high              |    Milestone:         
 Component:  Hackage 2 server  |      Version:
  Severity:  major             |     Keywords:         
Difficulty:  unknown           |   Ghcversion:         
  Platform:                    |  

Comment(by AntoineLatter):

 It's been a while since I tested this, but I think we already lock down
 uploading to existing packages - the only thing un-restricted is uploading
 new packages.

 So part of this is still a problem.

 I think at some point there was code to edit the list of 'uploaders' for a
 package, but I don't know where that is now.

Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/911#comment:2>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects

More information about the cabal-devel mailing list