On 3 July 2012 03:14, Duncan Coutts <duncan.cou...@googlemail.com> wrote: > On Mon, 2012-07-02 at 12:25 +0100, Ian Lynagh wrote: >> Hi all, >> >> I'm planning to spend some time, on behalf of the Industrial Haskell >> Group, working on Hackage 2 in the coming weeks. > > [..] > >> So that leaves 3 tickets as blockers: >> >> #911: We need to do something here. With Hackage 1, it takes manual >> approval before you can upload packages, and at the very least Hackage 2 >> should match that. I have the impression that that is already possible >> (by restricting package upload to a group, and requiring accounts to be >> added to that group by an admin), but I haven't confirmed that yet. > > Right, I don't think we need to do any more than make sure uploaders are > in the appropriate group. It *should* currently be the case that only > accounts in the package group can upload, and the first time you upload > a new named package then you get added as the initial member of the new > package group. > > Currently for testing purposes anyone can register an account and can > then upload new packages. We have two options here: restrict account > creation to be manual like in hackage 1, or add a new system-wide > "uploaders" group for accounts that are authorised to upload new > packages and have a manual admin step to add people to the uploaders > group. The latter will allow for registered users who are not uploaders > which would be useful later to allow things like non-anonymous > commenting etc.
I think we should avoid manual approvals; I know several people who have excellent, working, used in-production, cabalified Haskell code but for whatever reason they are reluctant to request an account -- however they have code on github. Allowing random users to upload code only really becomes a problem when poorly named or insecure packages pollute the global namespace; perhaps admin approval should only be on global naming, not on account creation and upload. Conrad. _______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://www.haskell.org/mailman/listinfo/cabal-devel
