Hackage Accounts

Leon Smith leon.p.smith at gmail.com
Wed Sep 5 16:18:13 CEST 2012

Yup,  Duncan is exactly correct.  We currently use a social process to
manage hackage.  I'm part of the team that is taking over this social
process from Ross Paterson,  so I'm trying to understand how it worked in
the past.   That's my ulterior motive. :-D

As I've written in another mail to this list,  I'm have a similar job on
LtU;  in my case a substantial majority of the account requests are spam.
 And we haven't had a single spam message on the site since we moved to the
policies that new accounts must be approved by an administrator before they
can post.  I'm not sure exactly what to expect in this new job,  though it
sounds that if we keep the same email approach,  that the substantial
majority of account requests will be legit.    I'm trying to understand
those requests that might not be legit.

Some people think we should adopt more techical measures to secure hackage,
 although I personally think that social processes,  properly done,  can
continue to work well,  well into the future.  Even so,  that debate is an
entirely seperate issue from trying to understand what it's looked like
from Ross's perpsective for the last number of years.


On Wed, Sep 5, 2012 at 9:57 AM, Duncan Coutts
<duncan.coutts at googlemail.com>wrote:

> On 5 September 2012 14:34, Lars Viklund <zao at acc.umu.se> wrote:
> > On Wed, Sep 05, 2012 at 09:19:53AM -0400, Leon Smith wrote:
> >> Well, I guess that sort of counts as a refusal.   What kinds of requests
> >> lead you to ask for more information,  and what kinds of information
> have
> >> you asked for?
> >>
> >> On Wed, Sep 5, 2012 at 9:01 AM, Ross Paterson <ross at soi.city.ac.uk>
> wrote:
> >>
> >> > On Wed, Sep 05, 2012 at 01:15:09PM +0100, Leon Smith wrote:
> >> > > I have a question for Ross Paterson, namely do you decline an
> account
> >> > > request, and if so, what reasons do you have for declining an
> account
> >> > > request?
> >> >
> >> > I haven't refused any requests, but occasionally I ask for more
> information
> >> > and don't get a response.
> >
> > This chain of mails looks quite strange to me.
> >
> > Do you have some kind of ulterior motive for these inquiries? It almost
> > sounds like you're trying to get someone to write themselves into a
> > trap.
> >
> > If you're beating around a bush, out with it already.
> >
> > De-drama-ifyingly yours,
> Lars, the motive is quite simple. The existing hackage server doesn't
> have much in the way of security restrictions, we basically have to
> trust all people with upload accounts. So we have a manual, human
> process for requesting an account. In that context it's perfectly
> reasonable to ask for more details if the initial request didn't say
> much.
> In the new server the security is a little better, but we still want
> to have a manual step to grant uploader rights.
> Make sense? It's not a weird conspiracy :-)
> Duncan
> _______________________________________________
> cabal-devel mailing list
> cabal-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/cabal-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/cabal-devel/attachments/20120905/c2251807/attachment-0001.htm>

More information about the cabal-devel mailing list