Can't upload a package named "oath" to Hackage

David Feuer david.feuer at gmail.com
Wed Dec 8 21:58:39 UTC 2021


How are the trustees to know whether someone "deserves" to take a security
sensitive name? And "typos" can often be intentional when two packages each
deserve similar names. I think it's reasonable for trustees to step in if a
name is actually abused, but I don't support squatting.

On Wed, Dec 8, 2021, 4:53 PM Carter Schonwald <carter.schonwald at gmail.com>
wrote:

> Yeah. Typo squatting is or case squatting in helping preventing weird
> security / bug issues sounds sane to me
>
> On Wed, Dec 8, 2021 at 3:00 PM Jon Purdy <evincarofautumn at gmail.com>
> wrote:
>
>>
>> On Fri, Dec 3, 2021 at 6:34 AM Fumiaki Kinoshita <fumiexcel at gmail.com>
>> wrote:
>>
>>> Looking at other "reserved package names in the list, "all", "project",
>>> "test" are understandable but it's hard to think of any reason why oath
>>> should be reserved.
>>>
>>
>> When I first saw this thread, I guessed that it was reserved to prevent
>> typosquatting for “oauth” (OAuth <https://en.wikipedia.org/wiki/OAuth>).
>>
>> _______________________________________________
>> Libraries mailing list
>> Libraries at haskell.org
>> http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries
>>
> _______________________________________________
> Libraries mailing list
> Libraries at haskell.org
> http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/libraries/attachments/20211208/736cb998/attachment.html>


More information about the Libraries mailing list