Package takeover: bzlib
Andrew Lelechenko
andrew.lelechenko at gmail.com
Sat Mar 9 15:30:13 UTC 2024
I’d like to take over `bzlib` package (https://hackage.haskell.org/package/bzlib).
I’ve contacted the package maintainer (Duncan Coutts, CC'd) by email twice in Aug 2023 and Oct 2023, but never heard back. Earlier Duncan granted me rights for `tar` and `zlib` packages, so I imagine he is just exceedingly busy.
`bzlib` package has been on life support by Hackage Trustees for many years with a fork maintained at https://github.com/hackage-trustees/bzlib. While I can do another non-maintainer upload in my Trustee hat, I’d like to seek a more permanent solution and maintain `bzlib` back to its canonical home at https://github.com/haskell/bzlib (which I already have access to).
I do not plan any drastic changes. The immediate cause of this request is HSEC-2024-0002 (https://github.com/haskell/security-advisories/pull/157, https://github.com/hackage-trustees/bzlib/issues/4), which identifies a security vulnerability in `bzlib`, thus raising a need for urgent update.
Best regards,
Andrew
More information about the Libraries
mailing list