[Haskell-cafe] Unmaintained packages and hackage upload rights
carter.schonwald at gmail.com
Fri Jan 31 16:12:02 UTC 2014
People are missing a key point: hackage packages are append only. Any
upload will not override any prior version, and a bad new version is quite
easy to deprecate.
I'm not sure I'm comfortable with the idea of trustees having super upload
powers by default (Speaking as the only person with trustee but not admin
powers). Ie Id want a "trustee" upload to be a distinguished API thst I
couldn't trip using cabal upload and if such a hypothetical power existed,
I'd probably solicit feedback from a few folks by emailing the libraries
list and testing any such upload locally.
That aside: why isn't anyone helping work on hackage-server? We really need
a few Heros to help work on hackage server. Otherwise it's kinda moot! :-)
On Friday, January 31, 2014, Brandon Allbery <allbery.b at gmail.com> wrote:
> > wrote:
>> >> Again, do you have any suggestions to make things better?
>> > Here I merely want people to realize that there is a problem. How to
>> > solve it is a whole new discussion.
>> I think plenty of people (including me) have already agreed that there
>> is a problem. So I don't understand the point of your message about
>> security, then.
> It was a response to Evan Coskey, who introduced a bit of a diversion.
> brandon s allbery kf8nh sine nomine
> unix, openafs, kerberos, infrastructure, xmonad
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Haskell-Cafe