security/ experimental packages? authorization uncomon source locations, hackage db?

Marc Weber marco-oweber at
Sat Jan 6 06:38:43 EST 2007

I've read the discussion about who is able to upload packages..
This is nice if you want to install most common packages..

But the packaging system is intended to save time. Thus what about
I want to install an experimntal synthesizer which uses an experimental
haskore interface from a person who hasn't registered his lib on
hackage-db yet?

In short:
Would it be useful to allow speciyfing different download locations for
dependencies in a cabal file?

-- Lib.cabal --
depends: ExperimentalLib > 2.0  { location: http://person/haskell/ExperimentalLib.cabal }

This would give much more freedom ..

I agree that it might be useful to "mask" those packages ...
But its much more convinient to do

cabal-install --allow-non-hackage-locations Lib

than downloading/ installing/ updating those libs manually ?

I think if you need total security you won't use this flag or use
someithing like chroot (already mentioned) or user mode linux .. ;)

But this issue adresses the question:
What is hackage about:
	an automated installation system
	an automated installation system + package list (centralized at
	hackagedb ?)


More information about the cabal-devel mailing list