From hecate at haskell.foundation Sun Jul 2 19:46:21 2023 From: hecate at haskell.foundation (=?UTF-8?Q?Theophile_H=C3=A9cate_Choutri?=) Date: Sun, 2 Jul 2023 21:46:21 +0200 Subject: Fwd: Cabal security advisory proposal In-Reply-To: References: Message-ID: Hi everyone, We have received another proposal regarding the Sovereign Tech Fund grants. I'd be happy to spend some time on Thursday to make sure we're on the same page. In the meantime, please do not hesitate to provide feedback. Cheers, Hécate ---------- Forwarded message --------- From: Trevis Elser Date: Sun, 2 Jul 2023 at 17:27 Subject: Cabal security advisory proposal To: hecate at haskell.foundation Hi there! You may have heard the German government is accepting proposals to work on OSS (https://sovereigntechfund.de/en/challenges/). I'm working on putting together a submission for my employer, Flipstone, to add a cabal feature allowing a check of dependencies against the new security advisories database. @David Thrane Christiansen Suggested reaching out to you to get any suggestions in submitting this and to see if you might have anything for us to add particularly to the section that is as follows: "Describe your relationship to the maintainers of this technology. Are you yourself the maintainer? Do they know you plan to do this work and do they support it? Please tell us more about how you obtained their support and how you plan to work together to make sure your contributions are accepted." For what it's worth my thought is that we'd use the external command functionality that I've seen you've contributed to at https://github.com/haskell/cabal/pull/9063 to at least initially build this out and then perhaps work to get it merged or not. Finally, I'd love to hear if you have thoughts on accurately representing cabal for the questions: "How are decisions regarding this technology's development made? Please describe the project's governance model." and "How does this project handle security risks? Are there policies, procedures, or tools in place to minimize the introduction of vulnerabilities or undesired contributions?" Thanks so much for your time! -- Trevis Elser | Chair Stability Working Group | Software Engineer -------------- next part -------------- An HTML attachment was scrubbed... URL: From a.pelenitsyn at gmail.com Mon Jul 3 21:56:14 2023 From: a.pelenitsyn at gmail.com (Artem Pelenitsyn) Date: Mon, 3 Jul 2023 17:56:14 -0400 Subject: A pure Matrix room for Hackage/Cabal Message-ID: Dear Hackage/Cabal devs, geekosaur created a purely Matrix room for us and shared the admin bit with me: https://matrix.to/#/#hackage:matrix.org We'd be happy to share more and have you there, at the least! This is prompted by the announcement earlier today: https://libera.chat/news/matrix-deportalling tldr; is that the "portal mode" where you can participate in an IRC-first room from Matrix transparently will be decommissioned by the end of the month. Other options are on the table. E.g. I think @fgaz is researching the "plumbing mode" where you have a pure-Matrix room with a connection to a IRC-native room like #hackage at libera.chat, but I don't know enough about it. As far as I understand, this new room I'm announcing here does not close any doors. Personally, I'd hope that we all just move to Matrix and forget the IRC horror where we suggest newcomers to use a paid (!!!) solution like IRCCloud if they want to address a question to Cabal devs (who only hang out on IRC) and have a better than 1970s-experience (and a mobile client). -- Kind regards, Artem -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikolaj at well-typed.com Tue Jul 4 21:15:23 2023 From: mikolaj at well-typed.com (Mikolaj Konarski) Date: Tue, 4 Jul 2023 23:15:23 +0200 Subject: Fwd: Cabal/ | Repository mirroring paused In-Reply-To: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> References: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> Message-ID: Hello, Any idea what this is about? I guess the mirror of cabal's github repo on gitlab? Did anything change there? Cheers, Mikolaj ---------- Forwarded message --------- From: GitLab Date: Tue, Jul 4, 2023 at 11:11 PM Subject: Cabal/ | Repository mirroring paused To: Repository mirroring on haskell/cabal has been paused due to too many failures. The last failure was: 13:updating ref with hooks: running pre-receive hooks: GitLab: You are not allowed to push code to protected branches on this project.. To resume mirroring update your repository mirroring settings. — From matthew.fernandez at gmail.com Tue Jul 4 21:23:02 2023 From: matthew.fernandez at gmail.com (Matthew Fernandez) Date: Tue, 4 Jul 2023 14:23:02 -0700 Subject: Fwd: Cabal/ | Repository mirroring paused In-Reply-To: References: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> Message-ID: <3da748e1-532a-adb9-7751-798c43286228@gmail.com> The Graphviz project has seen similar Gitlab error messages a few weeks ago. We didn’t do anything and the errors seemed to resolve themselves. On 7/4/23 14:15, Mikolaj Konarski wrote: > Hello, > > Any idea what this is about? > > I guess the mirror of cabal's github repo on gitlab? > > Did anything change there? > > Cheers, > Mikolaj > > ---------- Forwarded message --------- > From: GitLab > Date: Tue, Jul 4, 2023 at 11:11 PM > Subject: Cabal/ | Repository mirroring paused > To: > > > Repository mirroring on haskell/cabal has been paused due to too many > failures. The last failure was: > > 13:updating ref with hooks: running pre-receive hooks: GitLab: You are > not allowed to push code to protected branches on this project.. > > To resume mirroring update your repository mirroring settings. > > — > _______________________________________________ > cabal-devel mailing list > cabal-devel at haskell.org > http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel From mikolaj at well-typed.com Wed Jul 5 20:19:55 2023 From: mikolaj at well-typed.com (Mikolaj Konarski) Date: Wed, 5 Jul 2023 22:19:55 +0200 Subject: Fwd: Cabal/ | Repository mirroring paused In-Reply-To: <3da748e1-532a-adb9-7751-798c43286228@gmail.com> References: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> <3da748e1-532a-adb9-7751-798c43286228@gmail.com> Message-ID: > The Graphviz project has seen similar Gitlab error messages a few weeks > ago. We didn’t do anything and the errors seemed to resolve themselves. Thank you. That's how true masters solve problems. :) So far, our pipelines are green, too: https://gitlab.haskell.org/haskell/cabal/-/pipelines From bryan at haskell.foundation Mon Jul 10 07:06:55 2023 From: bryan at haskell.foundation (Bryan Richter) Date: Mon, 10 Jul 2023 10:06:55 +0300 Subject: Fwd: Cabal/ | Repository mirroring paused In-Reply-To: References: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> <3da748e1-532a-adb9-7751-798c43286228@gmail.com> Message-ID: Actually it looks like mirroring is still paused. [image: image.png] > Pull mirroring failed Jul 5, 2023, 12:11 AM. > Repository mirroring has been paused due to too many failed attempts. It can be resumed by a project maintainer or owner. > Last successful update Jul 2, 2023, 11:40 PM. Perhaps there was a "fix" in the recent update to GitLab that disallows pulls from modifying protected branches. I will look into this today. On Wed, 5 Jul 2023 at 23:20, Mikolaj Konarski wrote: > > The Graphviz project has seen similar Gitlab error messages a few weeks > > ago. We didn’t do anything and the errors seemed to resolve themselves. > > Thank you. That's how true masters solve problems. :) > > So far, our pipelines are green, too: > > https://gitlab.haskell.org/haskell/cabal/-/pipelines > _______________________________________________ > cabal-devel mailing list > cabal-devel at haskell.org > http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image.png Type: image/png Size: 40397 bytes Desc: not available URL: From mikolaj at well-typed.com Mon Jul 10 07:32:42 2023 From: mikolaj at well-typed.com (Mikolaj Konarski) Date: Mon, 10 Jul 2023 09:32:42 +0200 Subject: Fwd: Cabal/ | Repository mirroring paused In-Reply-To: References: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> <3da748e1-532a-adb9-7751-798c43286228@gmail.com>

Message-ID: > Actually it looks like mirroring is still paused. Indeed. The pipeline is green, but it stopped updating at around the same time as the warning email. > I will look into this today. Thank you so much. Cheers, Mikolaj From bryan at haskell.foundation Tue Jul 11 11:58:48 2023 From: bryan at haskell.foundation (Bryan Richter) Date: Tue, 11 Jul 2023 14:58:48 +0300 Subject: Fwd: Cabal/ | Repository mirroring paused In-Reply-To: References: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> <3da748e1-532a-adb9-7751-798c43286228@gmail.com>

Message-ID: I... am not exactly sure what happened. But I "turned it off and turned it on again" and it seems to be syncing now. On Mon, 10 Jul 2023 at 10:32, Mikolaj Konarski wrote: > > Actually it looks like mirroring is still paused. > > Indeed. The pipeline is green, but it stopped updating > at around the same time as the warning email. > > > I will look into this today. > > Thank you so much. > > Cheers, > Mikolaj > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mikolaj at well-typed.com Tue Jul 11 13:46:28 2023 From: mikolaj at well-typed.com (Mikolaj Konarski) Date: Tue, 11 Jul 2023 15:46:28 +0200 Subject: Fwd: Cabal/ | Repository mirroring paused In-Reply-To: References: <64a48ae8c8079_399dfead1d82560d6@gitlab.mail> <3da748e1-532a-adb9-7751-798c43286228@gmail.com>

Message-ID: See above for "true masters" and "problems get out of the way". ;) On Tue, Jul 11, 2023 at 1:59 PM Bryan Richter wrote: > > I... am not exactly sure what happened. But I "turned it off and turned it on again" and it seems to be syncing now. > > On Mon, 10 Jul 2023 at 10:32, Mikolaj Konarski wrote: >> >> > Actually it looks like mirroring is still paused. >> >> Indeed. The pipeline is green, but it stopped updating >> at around the same time as the warning email. >> >> > I will look into this today. >> >> Thank you so much. >> >> Cheers, >> Mikolaj From hecate at haskell.foundation Thu Jul 20 17:38:55 2023 From: hecate at haskell.foundation (=?UTF-8?Q?Theophile_H=C3=A9cate_Choutri?=) Date: Thu, 20 Jul 2023 19:38:55 +0200 Subject: 20/07/2023 Cabal meeting minutes Message-ID: Hi everyone You will find below the minutes of the Cabal meeting that was held on the 20/07/2023. This meeting occurs every two weeks and is absolutely open to developers, newcomers and stakeholders. Do contact the dev team if you want an invitation to the event. --- # 3.10 backports * https://github.com/haskell/cabal/pull/9141 * https://github.com/haskell/cabal/pull/9088 ## Future work wishlist Gershom would like to have an override of cabal.project imports. There are many code paths that are not always entirely lined up. Hécate would like to refactor some of the code paths that live independently of each-other, do the same things, but output different observable results when called the same way. The typical case is one code path living in lib:Cabal, another living in cabal-install, and they could be factored. # Current progress Francesco A. is looking at #7544, to see whether it fits `cabal check` needs. Kristen is reviewing https://github.com/haskell/cabal/pull/9134 Suganya is waiting for #9018 to be merged and working in parallel to typify other errors. Good job Suganya! We discussed the relationship between GHC 9.8 and the accompanying Cabal release. Ben suggested that the Cabal release could be a minor release. However, given that in 9.8 we have `jsem` which requires Cabal support, it seems appropriate for this to be a major release (Cabal-3.12). Hecate agreed. We will try to have a major release branch for GHC 9.8 alpha 3 in late August Ben enquired about the "inplace" flag and its semantics, related to a bug encountered during GHC development: https://gitlab.haskell.org/ghc/ghc/-/issues/23594 -------------- next part -------------- An HTML attachment was scrubbed... URL: