Ivan Lazar Miljenovic wrote: > On 5 August 2010 13:32, Mark Wotton <mwot...@gmail.com> wrote: > > On Thu, Aug 5, 2010 at 1:29 PM, Ivan Lazar Miljenovic > > <ivan.miljeno...@gmail.com> wrote: > >> On 5 August 2010 13:23, Mark Wotton <mwot...@gmail.com> wrote: > >>> Might it be possible to enable multiple maintainers on packages, each > >>> of whom can upload new versions? As far as I can tell, that's not > >>> currently possible with Cabal. > >> > >> Huh? Cabal doesn't care who the maintainers are: it just has a text > >> field where you list a maintainer[s]. See for example > >> http://hackage.haskell.org/package/fgl-5.4.2.3 > >> > >> Currently, AFAIK Hackage allows anyone with an account to upload anything. > > > > Can you have two people uploading versions of the same package, > > though? Presumably it's not possible for me to upload a version of > > bytestring which makes monkeys fly out of your ethernet port when you > > try to concatenate strings. > > Well, I'd like to see the code required to spontaneously create > monkeys at an ethernet port, but from what I've read Hackage has no > constraints in place in terms of who uploads what and when. You just > can't upload something with a version that's already on Hackage.
The permissiveness of hackage uploads suggests that Hackage needs to start using something like GPG signing and GPG webs of trust. The Debian project has stuff like this in place and I'm sure this community could learn a lot from what Debian is currently using. Erik -- ---------------------------------------------------------------------- Erik de Castro Lopo http://www.mega-nerd.com/ _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
