On 31/01/13 09:16, Ketil Malde wrote:
> *MY* proposal is that:
>
> 0. Hackage sends an email to the previous uploader whenever a new
>     version of a package is uploaded by somebody else.
>
> At least that way, I would be notified if it happened to my packages,
> and I would be able to check up on the situation, and rectify it.
>
> This is not to say that cryptographic signing is the wrong thing to do,
> but a very simple thing like this, which would probably take all of five
> minutes to implement, would reduce risk by a substantial amount.


That is an excellent idea, and it should be very simple to add.

Of course it doesn't stop all attacks, but it does stop the most obvious one. And it might also prevent some honest mistakes or errors in communication where someone uploads a forked package without permission.


Twan


_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe
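
The notification rule proposed in this thread, sketched as an added example that is not part of the original emails and is not Hackage's code. The `Upload` and `Notice` types, the function names and the sample log are all hypothetical and constructed for illustration; "previous uploader" is taken to mean the uploader of the immediately preceding version of the same package.

```haskell
-- Added illustration; not Hackage's code. All types and names are hypothetical.
import qualified Data.Map.Strict as Map
import Data.List (foldl')

-- One entry in a constructed upload log, oldest first.
data Upload = Upload
  { pkgName  :: String
  , version  :: String
  , uploader :: String
  } deriving (Show, Eq)

-- A notification addressed to the previous uploader of a package.
data Notice = Notice
  { notifyUser  :: String   -- previous uploader, who gets the email
  , aboutUpload :: Upload   -- the upload made by somebody else
  } deriving (Show, Eq)

-- Walk the log in order, remembering the last uploader per package.
-- The first upload of a package has no previous uploader, so it yields no notice.
uploaderChanges :: [Upload] -> [Notice]
uploaderChanges = reverse . snd . foldl' step (Map.empty, [])
  where
    step (lastBy, notices) u =
      let notices' = case Map.lookup (pkgName u) lastBy of
            Just prev | prev /= uploader u -> Notice prev u : notices
            _                              -> notices
      in (Map.insert (pkgName u) (uploader u) lastBy, notices')

-- Constructed sample data.
sampleLog :: [Upload]
sampleLog =
  [ Upload "foo" "1.0" "alice"
  , Upload "foo" "1.1" "alice"
  , Upload "bar" "0.1" "bob"
  , Upload "foo" "1.2" "mallory"   -- different uploader: alice is notified
  , Upload "foo" "1.3" "mallory"   -- same uploader as last time: no notice
  , Upload "foo" "1.4" "alice"     -- alice uploads again: mallory is notified
  ]

main :: IO ()
main = mapM_ report (uploaderChanges sampleLog)
  where
    report (Notice to u) =
      putStrLn $ "mail " ++ to ++ ": " ++ pkgName u ++ "-" ++ version u
              ++ " was uploaded by " ++ uploader u
```

Under this reading of the rule, a second upload by the same new uploader (`foo-1.3` in the sample) produces no notice, so the original maintainer hears about the change exactly once.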