
#214: Package security
----------------------------+-----------------------------------------------
  Reporter:  duncan         |        Owner:
      Type:  task           |       Status:  new
  Priority:  normal         |    Milestone:
 Component:  miscellaneous  |      Version:  1.2.3.0
  Severity:  normal         |   Resolution:
  Keywords:                 |   Difficulty:  project(> week)
Ghcversion:  6.8.2          |     Platform:
----------------------------+-----------------------------------------------
Comment (by ross@soi.city.ac.uk):

Replying to [comment:9 duncan]:
> I accept that it's bad to be able to subvert an existing named package
> that has people's trust. #239 is now fixed. I agree that we want a system
> to let package authors limit who else should be allowed to upload their
> package.

#239 is only fixed in that you cannot replace an existing version, and the uploader is displayed on the package page. It remains possible for anyone to upload a new version of any package. I've been assuming that I'm dealing with responsible people, and will remove any that aren't.

People seem very keen to jump to the last item on your list above. Most security measures have costs to implementors, users and in maintenance. If they cover only some of the holes, they will be worse than useless: the system will be harder to use and maintain, but no more secure.

> Linking authors to what else they have uploaded is also a good idea.

This would be useful, and tied in with build reporting would give some sort of ranking of package maintainers, and may motivate them to test their packages before uploading them. I'm not sure it would help a lot with security, though.

--
Ticket URL: http://hackage.haskell.org/trac/hackage/ticket/214#comment:11
Hackage http://haskell.org/cabal/
Hackage: Cabal and related projects