hackage2 account approvals (Re: Hackage 2 status)

Conrad Parker conrad at metadecks.org
Tue Jul 3 01:07:00 CEST 2012


On 3 July 2012 03:14, Duncan Coutts <duncan.coutts at googlemail.com> wrote:
> On Mon, 2012-07-02 at 12:25 +0100, Ian Lynagh wrote:
>> Hi all,
>>
>> I'm planning to spend some time, on behalf of the Industrial Haskell
>> Group, working on Hackage 2 in the coming weeks.
>
> [..]
>
>> So that leaves 3 tickets as blockers:
>>
>> #911: We need to do something here. With Hackage 1, it takes manual
>> approval before you can upload packages, and at the very least Hackage 2
>> should match that. I have the impression that that is already possible
>> (by restricting package upload to a group, and requiring accounts to be
>> added to that group by an admin), but I haven't confirmed that yet.
>
> Right, I don't think we need to do any more than make sure uploaders are
> in the appropriate group. It *should* currently be the case that only
> accounts in the package group can upload, and the first time you upload
> a new named package then you get added as the initial member of the new
> package group.
>
> Currently for testing purposes anyone can register an account and can
> then upload new packages. We have two options here: restrict account
> creation to be manual like in hackage 1, or add a new system-wide
> "uploaders" group for accounts that are authorised to upload new
> packages and have a manual admin step to add people to the uploaders
> group. The latter will allow for registered users who are not uploaders
> which would be useful later to allow things like non-anonymous
> commenting etc.

I think we should avoid manual approvals; I know several people who
have excellent, working, used in-production, cabalified Haskell code
but for whatever reason they are reluctant to request an account --
however they have code on github.

Allowing random users to upload code only really becomes a problem
when poorly named or insecure packages pollute the global namespace;
perhaps admin approval should only be on global naming, not on account
creation and upload.

Conrad.


