I feel that this is the wrong direction to take and will add more burden on
people that we shouldn't be adding additional burden to. It's also the
I just had a quick squizz at Hackage with a simple PR you'll be able to
remove the incentives for this behaviour.
Add "nofollow" to any links supplied by the user or that are rendered as
part of parsing user input.
The .NET ecosystem recently went through these same notions for the same
reasons - here's the PR
On Fri., 23 Feb. 2018, 10:38 am Matthias Kilian, <k...@outback.escape.de>
> On Thu, Feb 22, 2018 at 05:54:33PM -0500, Gershom B wrote:
> > In the meantime, as a short term measure, we have changed new account
> > registration policies on hackage.
> > Users can still register as before, but new users do _not_ have upload
> > rights until they explicitly request them and are granted them by a
> > human being.
> > (This is actually how we had configured hackage to work on initial
> > deployment -- we loosened things up for some years as the extra step
> > seemed unnecessary).
> Does this mean that before the todays change, anyone (or anything)
> could register and upload packages without any review and without
> any acknowledgement for trustfulness by another person? Does it
> maen that one can't trust *any* package on hackage.haskell.org at
> least a little bit (based on trust between acknowledging persons
> and reputation) without reviewing the package's source code?
> Haskell mailing list
Haskell mailing list