Thread on Discourse - HIE file processing

Tristan Cacqueray tdecacqu at redhat.com
Mon Jul 31 16:26:43 UTC 2023


On Mon, Jul 31, 2023 at 11:05 David Christiansen via ghc-devs wrote:
> Dear GHC devs,
>
> I think that having automated security advisory warnings from build tools
> is important for Haskell adoption in certain industries. This can be done
> based on build plans, but a package is really the wrong granularity - a
> large, widely-used package might export a little-used definition that is
> the subject of an advisory, and it would be good to warn only the users of
> said definition (cf base and readFloat).
>
> Tristan is exploring using HIE files to do this check, but I don't know if
> you read Discourse, where he posted the question:
> https://discourse.haskell.org/t/rfc-using-hie-files-to-list-external-declarations-for-cabal-audit/7147
>

Thank you David for bringing this up here. One thing to note is that we
would need hie files for ghc libraries, as proposed in:
  https://gitlab.haskell.org/ghc/ghc/-/merge_requests/1337

Cheers,
-Tristan