
On 18/01/2015 09:56, kyra wrote:
> Hi, guys,
>
> It looks like old (and even ancient) versions of many packages get uploaded to hackage over and over again in ever increasing amounts. The username of the uploader for the vast majority of these uploads is HerbertValerioRiedel.
>
> While this is harmless I wonder what idea stands behind this?

This is not harmless. This is a security issue by itself, as now packages get changed transparently. Given a URL, you might have a different package one day, which triggers a hash check failure or a signed tag verification failure.

This also has the effect of not changing the bounds in the repository, so for example, next time you upload a tweaked package, you effectively revert the change done on hackage only.

This is also done without the consent of the maintainer of a given package, nor is the maintainer actually notified when that happens, or allowed to prevent it happening. This is a pretty big start from the other similar policy for taking over packages, that insists on a very long period of repeated communication with the author and then the community.

The whole thing is at best ill advised,

--
Vincent