[Haskell-cafe] Do I need an account to report build of
Hacakgepackages?
Claus Reinke
claus.reinke at talk21.com
Sat Nov 22 10:11:34 EST 2008
> You only need an account for uploading packages. If you do not want to
> have to enter your user name or password interactively when you run
> "cabal upload" then you can put them in the config file:
>
> username:
> password:
That sounds like a very bad idea, and should not be encouraged!
Any compromised uploader machine with stored passwords can
be used to upload compromising code, which will propagate to
all downloaders. One bad-apple package installed unwittingly on
one uploader machine with stored passwords could compromise
all of Haskell land.
Claus
More information about the Haskell-Cafe
mailing list