[Hackage] #214: Package security
Hackage
trac at galois.com
Tue May 20 16:38:06 EDT 2008
#214: Package security
----------------------------+-----------------------------------------------
Reporter: duncan | Owner:
Type: task | Status: new
Priority: normal | Milestone:
Component: miscellaneous | Version: 1.2.3.0
Severity: normal | Resolution:
Keywords: | Difficulty: project(> week)
Ghcversion: 6.8.2 | Platform:
----------------------------+-----------------------------------------------
Comment (by duncan):
Replying to [comment:10 guest]:
> I worry about the idea of providing "security" or some notion of safety
> or trust only if one behaves "as expected". That seems slightly odd to me.
I think it's really essential. You are expecting for some reason that
something on hackage is held to a higher security or QA standard than
something else you randomly download off the web. What gives you that
confidence? What makes you think other users have that confidence? Perhaps
that's the security problem. There's no security problem with
`132.73.41.22/hax0r.sh` because there's no reason you would expect to
trust it.
As I said, a name can establish a reputation so there is value in
preventing well known names from being subverted.
--
Ticket URL: <http://hackage.haskell.org/trac/hackage/ticket/214#comment:14>
Hackage <http://haskell.org/cabal/>
Hackage: Cabal and related projects