#214: Package security ----------------------------+----------------------------------------------- Reporter: duncan | Owner: Type: task | Status: new Priority: normal | Milestone: Component: miscellaneous | Version: 1.2.3.0 Severity: normal | Resolution: Keywords: | Difficulty: project(> week) Ghcversion: 6.8.2 | Platform: ----------------------------+----------------------------------------------- Comment (by duncan): I accept that it's bad to be able to subvert an existing named package that has people's trust. #239 is now fixed. I agree that we want a system to let package authors limit who else should be allowed to upload their package. Linking authors to what else they have uploaded is also a good idea. My point was about a new package that someone uploaded as in the recent demo and that that's not so much of a problem precisely because its new. We expect people to download packages they know of or have had recommended, not random packages. -- Ticket URL: http://hackage.haskell.org/trac/hackage/ticket/214#comment:9 Hackage http://haskell.org/cabal/ Hackage: Cabal and related projects