
People are missing a key point: hackage packages are append only. Any
upload will not override any prior version, and a bad new version is quite
easy to deprecate.
I'm not sure I'm comfortable with the idea of trustees having super upload
powers by default (speaking as the only person with trustee but not admin
powers). I.e., I'd want a "trustee" upload to be a distinguished API that I
couldn't trip using cabal upload, and if such a hypothetical power existed,
I'd probably solicit feedback from a few folks by emailing the libraries
list and testing any such upload locally.
That aside: why isn't anyone helping work on hackage-server? We really need
a few heroes to help work on hackage server. Otherwise it's kinda moot! :-)
On Friday, January 31, 2014, Brandon Allbery
On Fri, Jan 31, 2014 at 7:22 AM, Erik Hesselink <hesselink@gmail.com> wrote:
On Fri, Jan 31, 2014 at 1:12 PM, Roman Cheplyaka <roma@ro-che.info> wrote:
Again, do you have any suggestions to make things better?
Here I merely want people to realize that there is a problem. How to solve it is a whole new discussion.
I think plenty of people (including me) have already agreed that there is a problem. So I don't understand the point of your message about security, then.
It was a response to Evan Coskey, who introduced a bit of a diversion.
--
brandon s allbery kf8nh, sine nomine associates
allbery.b@gmail.com, ballbery@sinenomine.net
unix, openafs, kerberos, infrastructure, xmonad
http://sinenomine.net