#214: Package security ----------------------------+----------------------------------------------- Reporter: duncan | Owner: Type: task | Status: new Priority: normal | Milestone: Component: miscellaneous | Version: 1.2.3.0 Severity: normal | Resolution: Keywords: | Difficulty: project(> week) Ghcversion: 6.8.2 | Platform: ----------------------------+----------------------------------------------- Comment (by guest): ''As for users downloading bad packages, perhaps we should ask why they might be more likely to download and run an unknown package from hackage than say 132.73.41.22/hax0r.sh.'' I think {{{cabal install}}} is a fair answer to that question. Together with #239 we have a real security problem, because it makes package names untrustworthy. Password protecting packages as discussed on the libraries list would help there. - int-e -- Ticket URL: http://hackage.haskell.org/trac/hackage/ticket/214#comment:7 Hackage http://haskell.org/cabal/ Hackage: Cabal and related projects