Hackage 2

Leon Smith leon.p.smith at gmail.com
Tue Sep 4 01:35:33 CEST 2012

On Mon, Sep 3, 2012 at 4:20 AM, Erik Hesselink <hesselink at gmail.com> wrote:

> I think that the eventual situation should have per-package uploaders.
> It just seems to dangerous for anyone to be able to upload any
> package, especially heavily-used ones.

I think you underestimate the power of non-technical security measures.
It's not been a problem in the past,  and Debian allows any committer to
upload any package.

The thing is,  since we have an account approval process and that we have a
full, public log of everything that everybody's uploaded,   people are
going to notice when somebody uploads something they shouldn't.   We have
accountability,  unlike a typical FTP site or other mutable filesystem.

Also,  remember Linus Torvald's justification for not having any commit
bits in git;  I think our situation is different but similar.    If
somebody does upload something they shouldn't,  to what degree is it really
a problem?   Again,  data is not lost,  and we have accountability.

> On the other hand, I see little
> use for the global uploaders group. So I'd propose to eventually
> switch from the current situation, and have only per-package
> uploaders, and no global uploaders.

As a LtU admin (something more of a nightclub bouncer, really),  I dislike
the current Hackage 2 user account process in a lot of respects.   But the
approval process has worked remarkably well for LtU,  we haven't had a
single spam message since requiring account approval before posting.   (I
hope I haven't failed to approve too many legitimate requests... but at the
same time,  if somebody really wants an account they can try again or
contact Ehud.)

Also,  we haven't had a single problem that I'm aware of on Ross Paterson's
watch as bouncer for Hackage 1.    The point I'm trying to make is that a
technical solution imposes additional administrative and technical overhead
whereas social processes can also be very effective while also handling
corner cases more gracefully.

I've been working on a very rough sketch of a web application for the
workflow I'd like to have in this account request/approval process.
 Hopefully I'll have some code to show soonish, but I have a lot on my
plate this week.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/cabal-devel/attachments/20120903/884aa04b/attachment.htm>

More information about the cabal-devel mailing list