Re: [Haskell-cafe] Re: Handling absent maintainers

Ivan Lazar Miljenovic wrote:

On 5 August 2010 13:32, Mark Wotton wrote:

...

On Thu, Aug 5, 2010 at 1:29 PM, Ivan Lazar Miljenovic wrote:

...

On 5 August 2010 13:23, Mark Wotton wrote:

...

Might it be possible to enable multiple maintainers on packages, each of whom can upload new versions? As far as I can tell, that's not currently possible with Cabal.

Huh?  Cabal doesn't care who the maintainers are: it just has a text field where you list a maintainer[s].  See for example http://hackage.haskell.org/package/fgl-5.4.2.3

Currently, AFAIK Hackage allows anyone with an account to upload anything.

Can you have two people uploading versions of the same package, though? Presumably it's not possible for me to upload a version of bytestring which makes monkeys fly out of your ethernet port when you try to concatenate strings.

Well, I'd like to see the code required to spontaneously create monkeys at an ethernet port, but from what I've read Hackage has no constraints in place in terms of who uploads what and when. You just can't upload something with a version that's already on Hackage.

The permissiveness of hackage uploads suggests that Hackage needs to start using something like GPG signing and GPG webs of trust. The Debian project has stuff like this in place and I'm sure this community could learn a lot from what Debian is currently using. Erik -- ---------------------------------------------------------------------- Erik de Castro Lopo http://www.mega-nerd.com/