[Haskell-cafe] [haskell-infrastructure] Improvements to package hosting and security

Gershom B gershomb at gmail.com
Wed Apr 15 05:50:14 UTC 2015

On April 15, 2015 at 1:43:42 AM, Michael Snoyman (michael at snoyman.com) wrote:
> > There's a lot of stuff going on inside of Hackage which we have  
> no insight into or control over. The simplest is that we can't  
> review a log of revisions. Improving that is a good thing, and  
> I hope Hackage does so. Nonetheless, I'd still prefer a fully  
> open, auditable system, which isn't possible with "just tack  
> it on to Hackage.”

Ok, I’m going to ignore everything else and just focus on this, because it seems to be the only thing related to hackage, and therefore should be thought of separately from everything else.

What _else_ goes on that “we have no insight or control over”? Can we document the full list. Can we specify what we mean by insight? I take that to mean auditability. Can we specify what we mean by “control? (There I have no idea).

(With regards to revision logs, revisions are still a relatively new feature and there’s lots of bits and bobs missing, and I agree this is low hanging fruit to improve).


More information about the Haskell-Cafe mailing list