[Haskell-cafe] Unmaintained packages and hackage upload rights

Gergely Risko gergely at risko.hu
Fri Jan 31 12:55:02 UTC 2014


On Fri, 31 Jan 2014 10:04:33 +0100, Erik Hesselink <hesselink at gmail.com> writes:

> * User fixes a package, emails the maintainer.
> * No response: User emails trustees.
> * Trustees check the above conditions, and upload the new version.

* Attacker "fixes the package", emails the maintainer with a typo in the
  email address (if the package is really unmaintained and the
  maintainer is unreachable this typo trick is not even necessary)
* No response: attacker emails trustees
* Attacker provides a github repository where the last commit is nice,
  but the attack is in previous commits that are converted from darcs to
  git(hub)

Of course I'd never attack my beloved Haskell community, but I also
don't believe in snake-oil processes.

Gergely



More information about the Haskell-Cafe mailing list