[Haskell-cafe] Unmaintained packages and hackage upload rights
gergely at risko.hu
Fri Jan 31 12:55:02 UTC 2014
On Fri, 31 Jan 2014 10:04:33 +0100, Erik Hesselink <hesselink at gmail.com> writes:
> * User fixes a package, emails the maintainer.
> * No response: User emails trustees.
> * Trustees check the above conditions, and upload the new version.
* Attacker "fixes the package", emails the maintainer with a typo in the
email address (if the package is really unmaintained and the
maintainer is unreachable this typo trick is not even necessary)
* No response: attacker emails trustees
* Attacker provides a github repository where the last commit is nice,
but the attack is in previous commits that are converted from darcs to
Of course I'd never attack my beloved Haskell community, but I also
don't believe in snake-oil processes.
More information about the Haskell-Cafe