[Haskell-cafe] Re: Handling absent maintainers

Erik de Castro Lopo mle+hs at mega-nerd.com
Thu Aug 5 00:07:33 EDT 2010

Ivan Lazar Miljenovic wrote:

> On 5 August 2010 13:32, Mark Wotton <mwotton at gmail.com> wrote:
> > On Thu, Aug 5, 2010 at 1:29 PM, Ivan Lazar Miljenovic
> > <ivan.miljenovic at gmail.com> wrote:
> >> On 5 August 2010 13:23, Mark Wotton <mwotton at gmail.com> wrote:
> >>> Might it be possible to enable multiple maintainers on packages, each
> >>> of whom can upload new versions? As far as I can tell, that's not
> >>> currently possible with Cabal.
> >>
> >> Huh?  Cabal doesn't care who the maintainers are: it just has a text
> >> field where you list a maintainer[s].  See for example
> >> http://hackage.haskell.org/package/fgl-
> >>
> >> Currently, AFAIK Hackage allows anyone with an account to upload anything.
> >
> > Can you have two people uploading versions of the same package,
> > though? Presumably it's not possible for me to upload a version of
> > bytestring which makes monkeys fly out of your ethernet port when you
> > try to concatenate strings.
> Well, I'd like to see the code required to spontaneously create
> monkeys at an ethernet port, but from what I've read Hackage has no
> constraints in place in terms of who uploads what and when.  You just
> can't upload something with a version that's already on Hackage.

The permissiveness of hackage uploads suggests that Hackage needs 
to start using something like GPG signing and GPG webs of trust.

The Debian project has stuff like this in place and I'm sure this
community could learn a lot from what Debian is currently using.

Erik de Castro Lopo

More information about the Haskell-Cafe mailing list