[Haskell-cafe] [Security] Put haskell.org on https

Francesco Mazzoli f at mazzo.li
Sun Oct 28 12:11:33 CET 2012

At Sun, 28 Oct 2012 14:59:00 +0400,
Dmitry Vyal wrote:
> Does hackage at least store the logs of packages uploads? What's the reason or
> such a security model? I guess it was appropriate in the past when hackage was
> an experimental service, but now it's a standard way of distributing Haskell
> code. If anyone can update any package, we are waiting for the disaster. I
> have some haskell code I wrote myself running as root and these thoughts make
> me shiver.

There is no good reason for it to be like that, it is truly bad.  Hackage2 has
been in the works for a while and will fix this "problem".  More information
here: <http://hackage.haskell.org/trac/hackage/wiki/HackageDB/2.0>.

More information about the Haskell-Cafe mailing list