3 Jan
2007
3 Jan
'07
1:03 p.m.
We need some security on uploads to hackage, because Cabal packages can run arbitrary code during the build process (and when in use). I think that Apache authentication (as used in Trac, for example) would be sufficient, but that the initial registration of submitters needs to be done manually by a small group of people. We need to know who we're dealing with, and we need at least an email address to contact them. Personally, I'd prefer that user names were real names in camel case, but maybe I'm too old-fashioned. Any views?