[Haskell-cafe] Unmaintained packages and hackage upload rights
Carter Schonwald
carter.schonwald at gmail.com
Fri Jan 31 16:12:02 UTC 2014
People are missing a key point: hackage packages are append only. Any
upload will not override any prior version, and a bad new version is quite
easy to deprecate.
I'm not sure I'm comfortable with the idea of trustees having super upload
powers by default (Speaking as the only person with trustee but not admin
powers). Ie Id want a "trustee" upload to be a distinguished API thst I
couldn't trip using cabal upload and if such a hypothetical power existed,
I'd probably solicit feedback from a few folks by emailing the libraries
list and testing any such upload locally.
That aside: why isn't anyone helping work on hackage-server? We really need
a few Heros to help work on hackage server. Otherwise it's kinda moot! :-)
On Friday, January 31, 2014, Brandon Allbery <allbery.b at gmail.com> wrote:
> On Fri, Jan 31, 2014 at 7:22 AM, Erik Hesselink <hesselink at gmail.com<javascript:_e(%7B%7D,'cvml','hesselink at gmail.com');>
> > wrote:
>
>> On Fri, Jan 31, 2014 at 1:12 PM, Roman Cheplyaka <roma at ro-che.info<javascript:_e(%7B%7D,'cvml','roma at ro-che.info');>>
>> wrote:
>> >> Again, do you have any suggestions to make things better?
>> >
>> > Here I merely want people to realize that there is a problem. How to
>> > solve it is a whole new discussion.
>>
>> I think plenty of people (including me) have already agreed that there
>> is a problem. So I don't understand the point of your message about
>> security, then.
>>
>
> It was a response to Evan Coskey, who introduced a bit of a diversion.
>
> --
> brandon s allbery kf8nh sine nomine
> associates
> allbery.b at gmail.com <javascript:_e(%7B%7D,'cvml','allbery.b at gmail.com');>
> ballbery at sinenomine.net<javascript:_e(%7B%7D,'cvml','ballbery at sinenomine.net');>
> unix, openafs, kerberos, infrastructure, xmonad
> http://sinenomine.net
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20140131/6dd8fc17/attachment.html>
More information about the Haskell-Cafe
mailing list