[Haskell-cafe] Ongoing IHG work to improve Hackage security

Duncan Coutts duncan at well-typed.com
Fri Apr 17 11:23:30 UTC 2015

On Thu, 2015-04-16 at 15:56 +0200, Mikhail Glushenkov wrote:
> Hi,
> On 16 April 2015 at 15:34, Duncan Coutts <duncan at well-typed.com> wrote:
> > Compliant tar tools (including the standard unix tools, and
> > cabal-install) understand this and take the last entry in the archive as
> > the current file content.
> Thanks. I looked at the code again, and while this is not explicitly
> mentioned in comments, we get this behaviour for free by relying on
> Map.fromList.

Sorry, I should have added more comments there. I was aware of this
issue when I wrote the tar package (indeed I found out more about the
history of the tar format than is really healthy for anyone).

Duncan Coutts, Haskell Consultant
Well-Typed LLP, http://www.well-typed.com/

More information about the Haskell-Cafe mailing list