[Haskell-cafe] Offer to mirror Hackage
Brandon S Allbery KF8NH
allbery at ece.cmu.edu
Wed Dec 8 04:51:34 CET 2010
On 12/7/10 18:53 , Darrin Chandler wrote:
> On Tue, Dec 07, 2010 at 11:04:04PM +0100, Ketil Malde wrote:
>> It's not obvious to me that adding a mirror makes the infrastructure
>> more insecure. Any particular concerns? (I hope I qualify as
>> naïve here :-)
>
> If you run a mirror people will come to you for software to run on their
> machines. I see a way to take advantage of that immediately.
Exactly. And this isn't theoretical; fake packages and packages with extra
payloads injected into them are fairly common.
--
brandon s. allbery [linux,solaris,freebsd,perl] allbery at kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery at ece.cmu.edu
electrical and computer engineering, carnegie mellon university KF8NH