
#214: Package security
----------------------------+-----------------------------------------------
  Reporter:  duncan         |        Owner:
      Type:  task           |       Status:  new
  Priority:  normal         |    Milestone:
 Component:  miscellaneous  |      Version:  1.2.3.0
  Severity:  normal         |   Resolution:
  Keywords:                 |   Difficulty:  project(> week)
Ghcversion:  6.8.2          |     Platform:
----------------------------+-----------------------------------------------
Comment (by ross):

Replying to [comment:12 guest]:
Replying to [comment:9 myself]:
Password protecting packages as discussed on the libraries list
Actually I liked the idea of limiting the uploaders of packages better, because it has a smaller impact on the authors' workflow, and paves the way for trusting packages by their base name (which is what {{{cabal-install}}} uses to find packages.)
I suspect that Bulat, who proposed that, didn't realize that we have password authentication for users. There may be an inevitable logic to what you say. Still, there's only been one case so far of someone overwriting a package, and that wouldn't have happened if we had had a policy on display. Almost all of the problems so far have been with the first upload (by a non-maintainer), and this machinery wouldn't help there, but would make it worse.

--
Ticket URL: http://hackage.haskell.org/trac/hackage/ticket/214#comment:13
Hackage http://haskell.org/cabal/
Hackage: Cabal and related projects