On Wed, Dec 8, 2010 at 5:41 AM, Ketil Malde <ke...@malde.org> wrote:
> I'm a bit surprised to find that there seems to be a lot of opposition
> to this view, but perhaps the existing structure is more secure than I
> thought?

The difference is in the ability to influence other packages and metadata, I think. You could upload a trojan to Hackage right now, but who would ever install it? You could go to the effort of becoming responsible for a package that people do use and then slip the trojan in later, but the update to the package will still be visible and--since this is now a package that people actually use--some do-gooder will probably stumble on your nefarious plot in the process of simple compatibility checking or such.

On the other hand, by running a malicious mirror, nothing stops you from inserting (unsafePerformIO installRootKit) into the bytestring package with no indication of a change.

All of this applies equally to Hackage as it stands, of course, the difference being the implicit trust the community puts in the people with administrative power over it. If someone else who already has that degree of informal trust put up a mirror I don't think anyone would have a problem using it.

As always, security is a matter of degree, but Hackage is just high-profile enough that a bit of care is probably warranted. And I suspect that most worthwhile interim solutions to add a bit of trust for mirrors would be almost as much effort as a complete solution.

- C.

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe