<div dir="ltr">Just a little update on this. I pinged the author of publicsuffixlist (necessary for proper cookie domain handling) about removing the data-default dependency, and after discussion we decided to just merge the code into http-client instead. With that change, the full dependency list for http-client-openssl is in fact smaller that http-streams:<br><br>cabal install --dry-run --package-db=clear --package-db=global http-client-openssl<br>Resolving dependencies...<br>In order, the following would be installed (use -v for more details):<br>base64-bytestring-1.0.0.1<br>data-default-class-0.0.1<br>network-2.6.0.2<br>HsOpenSSL-0.11.1.1<br>random-1.1<br>stm-2.4.4<br>text-1.2.0.4<br>blaze-builder-0.4.0.1<br>cookie-0.4.1.5<br>hashable-1.2.3.2<br>case-insensitive-1.2.0.4<br>http-types-0.8.6<br>mime-types-0.1.0.6<br>transformers-0.4.3.0<br>mtl-2.2.1<br>parsec-3.1.9<br>network-uri-2.6.0.3<br>transformers-compat-0.4.0.4<br>exceptions-0.8.0.2<br>zlib-0.6.1.0<br>streaming-commons-0.1.12<br>http-client-0.4.11.2<br>http-client-openssl-0.2.0.1<br><div><br><div class="gmail_quote">On Tue, Apr 28, 2015 at 11:08 AM Herbert Valerio Riedel <<a href="mailto:hvriedel@gmail.com">hvriedel@gmail.com</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">On 2015-04-28 at 06:08:38 +0200, Michael Snoyman wrote:<br>
<br>
[...]<br>
<br>
> I offered Duncan last week that I'd port cabal-install over to<br>
> http-client/http-client-tls to add SSL support. That offer still stands.<br>
<br>
I did a quick check trying to find out the additional dependencies<br>
(relative to what 'cabal-install' currently depends on) http-client-tls<br>
would pull in (it seems http-client and tls each roughly account for<br>
half the ~50 deps below):<br>
<br>
async-2.0.2<br>
base64-bytestring-1.0.0.1<br>
blaze-builder-0.4.0.1<br>
byteable-0.1.1<br>
cereal-0.4.1.1<br>
clock-0.4.5.0<br>
cryptohash-0.11.6<br>
data-default-class-0.0.1<br>
data-default-instances-base-0.0.1<br>
data-default-instances-containers-0.0.1<br>
data-default-instances-old-locale-0.0.1<br>
dlist-0.7.1.1<br>
data-default-instances-dlist-0.0.1<br>
data-default-0.5.3<br>
cookie-0.4.1.4<br>
hashable-1.2.3.2<br>
case-insensitive-1.2.0.4<br>
hourglass-0.2.9<br>
asn1-types-0.3.0<br>
asn1-encoding-0.9.0<br>
asn1-parse-0.9.0<br>
crypto-pubkey-types-0.4.3<br>
http-types-0.8.6<br>
mime-types-0.1.0.6<br>
pem-0.2.2<br>
primitive-0.6<br>
securemem-0.1.7<br>
crypto-cipher-types-0.0.9<br>
cipher-aes-0.2.10<br>
cipher-des-0.0.6<br>
cipher-rc4-0.1.4<br>
socks-0.5.4<br>
streaming-commons-0.1.12<br>
transformers-compat-0.4.0.4<br>
exceptions-0.8.0.2<br>
utf8-string-1<br>
publicsuffixlist-0.1<br>
http-client-0.4.11.1<br>
vector-0.10.12.3<br>
crypto-random-0.0.9<br>
crypto-numbers-0.2.7<br>
crypto-pubkey-0.2.8<br>
x509-1.5.0.1<br>
x509-store-1.5.0<br>
x509-system-1.5.0<br>
x509-validation-1.5.1<br>
tls-1.2.17<br>
connection-0.2.4<br>
http-client-tls-0.2.2<br>
<br>
In contrast, I was surprised to see, that extending the HTTP package (or<br>
maybe just writing a 'HTTPS'-companion package) to use HsOpenSSL seems<br>
to pull in 'HsOpenSSL' as the only additional package...<br>
<br>
For comparision here's what http-streams (which I'm not suggesting right<br>
now, as I think going the 'HTTP'+'HsOpenSSL'-route would be better<br>
currently) would pull in (which could have a few deps less if it didn't<br>
pull in 'aeson'...):<br>
<br>
HsOpenSSL-0.11.1.1<br>
base64-bytestring-1.0.0.1<br>
blaze-builder-0.4.0.1<br>
bytestring-builder-0.10.6.0.0<br>
dlist-0.7.1.1<br>
hashable-1.2.3.2<br>
case-insensitive-1.2.0.4<br>
primitive-0.6<br>
scientific-0.3.3.8<br>
attoparsec-0.12.1.6<br>
syb-0.4.4<br>
unordered-containers-0.2.5.1<br>
http-common-0.8.2.0<br>
vector-0.10.12.3<br>
aeson-0.8.0.2<br>
zlib-bindings-0.1.1.5<br>
io-streams-1.3.0.0<br>
openssl-streams-1.2.1.0<br>
http-streams-0.8.3.1<br>
<br>
Cheers,<br>
hvr<br>
</blockquote></div></div></div>