28 Oct
2012
28 Oct
'12
11:11 a.m.
At Sun, 28 Oct 2012 14:59:00 +0400, Dmitry Vyal wrote:
Does hackage at least store the logs of packages uploads? What's the reason or such a security model? I guess it was appropriate in the past when hackage was an experimental service, but now it's a standard way of distributing Haskell code. If anyone can update any package, we are waiting for the disaster. I have some haskell code I wrote myself running as root and these thoughts make me shiver.
There is no good reason for it to be like that, it is truly bad. Hackage2 has been in the works for a while and will fix this "problem". More information here: http://hackage.haskell.org/trac/hackage/wiki/HackageDB/2.0.