Yes, absolutely, except without the "well known" bit. -- matthew
I don't have an account yet so I can't answer on trac, can I? I've talked about this with dcoutts some time ago. And he told me he has already implemnted kind of strace tool. One way would be: Use kind of sandbox/ observation and build the package once on hackage. If it doesn't try to rm -fr ${HOMe} it's considered beeing safe and everyone can download it.. If it tries to do such stupid things (and making connections to somewhere else should be considered stupid..) it could be marked as malicious .. Of course the package might become malicious only on Monday or after 9.11.2011 etc.. but obvious packages which would hurt hundreds of people could be catched this way easily. All we would need is a build system. Of course we can't do anything about this only no Monday problem but trusting uploaders.. Marc Weber