[Haskell-cafe] Do I need an account to report build of
antti-juhani at kaijanaho.fi
Sat Nov 22 10:45:18 EST 2008
On Sat, Nov 22, 2008 at 03:11:34PM -0000, Claus Reinke wrote:
>> You only need an account for uploading packages. If you do not want to
>> have to enter your user name or password interactively when you run
>> "cabal upload" then you can put them in the config file:
> That sounds like a very bad idea, and should not be encouraged!
> Any compromised uploader machine with stored passwords can
> be used to upload compromising code, which will propagate to all
It doesn't really matter whether a compromised machine stores a password or
not. If you upload anything using a compromised machine, the attacker
has the opportunity to learn your password.
Also, Hackage doesn't use SSL/TLS, so compromising a machine isn't necessary
for learning Hackage passwords.
Antti-Juhani Kaijanaho, Jyväskylä, Finland
More information about the Haskell-Cafe