[opam-devel] "Typosquatting programming language package managers"; how to protect opam-repository from typo-squatting?
daniel.buenzli at erratique.ch
Thu Jun 9 16:16:30 BST 2016
Le jeudi, 9 juin 2016 à 15:57, Gabriel Scherer a écrit :
> My plan was: in `opam lint`, emit a warning if the linted package name is at edit distance 2 or less (but not 0) of an existing package in the repository. But this does not quite work; I quickly looked at the code and it seems that "opam lint" is meant to be run purely locally, it does not have access to a base of packages available in the repository.
opam lint is automatically run by camelus when you do a PR to the OCaml OPAM repository so it would be useful for the maintainers (and to the package submitter aswell).
More information about the opam-devel