candidate upload should reject uploads of existing version

[int-e]

I just had the following minor accident while uploading a new version of lambdabot: I first used cabal upload and things looked fine.

# cabal upload lambdabot-haskell-plugins/dist/lambdabot-haskell-plugins-5.1.0.2.tar.gz
Uploading
lambdabot-haskell-plugins/dist/lambdabot-haskell-plugins-5.1.0.2.tar.gz...
Package successfully uploaded as candidate. You can now preview the result at
'https://hackage.haskell.org/package/lambdabot-haskell-plugins-5.1.0.2/candidate'.
To publish the candidate, use 'cabal upload --publish'.

However, I had forgotten about the fact that I had already released that version (lambdabot has too many individual packages), and the final upload failed:

# cabal upload --publish lambdabot-haskell-plugins/dist/lambdabot-haskell-plugins-5.1.0.2.tar.gz
Uploading
lambdabot-haskell-plugins/dist/lambdabot-haskell-plugins-5.1.0.2.tar.gz...

Error uploading
lambdabot-haskell-plugins/dist/lambdabot-haskell-plugins-5.1.0.2.tar.gz: http
code 403
Error: Upload failed

This version of the package has already been uploaded.

As a matter of policy we do not allow package tarballs to be changed after a
release (so we can guarantee stable md5sums etc). The usual recommendation is
to upload a new version, and if necessary blacklist the existing one. In
extraordinary circumstances, contact the administrators.

I believe it would be helpful to reject candidates if the version already exists.

[hvr]

Duplicate of #558

[hvr]

This is indeed a known issue and would be addressed as part of #558 and related ones (help wanted btw :-) )