#239: security hole: anyone can replace a package --------------------------------+------------------------------------------- Reporter: guest | Owner: Type: defect | Status: new Priority: normal | Milestone: Component: HackageDB website | Version: Severity: normal | Resolution: Keywords: | Difficulty: normal Ghcversion: 6.8.2 | Platform: --------------------------------+------------------------------------------- Comment (by guest): The point of Malcolm's issue isn't uploading packages with the same version or not - that's irrelevant. It's someone who isn't the maintainer uploading the package - if they bump the version number they can still upload it. For what its worth, I want to upload packages with the same version, so please don't apply the rejecting patch. But I do want to stop anyone but me uploading packages for anything that I'm the maintainer of! -- Neil Mitchell -- Ticket URL: http://hackage.haskell.org/trac/hackage/ticket/239#comment:3 Hackage http://haskell.org/cabal/ Hackage: Cabal and related projects