Why is there a cabal file at all?
Conal Elliott
conal at conal.net
Sat Jan 13 15:57:33 EST 2007
Hi Bryan,
>From your argument I conclude that Haskell code unsafe in general, not just
for package specification. I'd like to see us address the general problem,
rather than avoid it here and there. I hate to see sacrifice the benefits
of declarative DSELs (reuse, expressiveness, etc) and still not root out
(hmm) the core problem of safety.
I also wonder: if you don't trust my package spec code, why would you trust
my library code? My package spec is usually very simple, and when it's not,
I'd welcome your scrutiny and help in making it simpler and more easily
trusted.
If I were confident that the problem Cabal address is covered by name/value
pairs, I might agree that functional programming is overkill. (Though I'd
still dislike redundancy among my .cabal files.) However, the Cabal files
are already insufficient for some needs, leading to auxilliary makefiles
and/or hacking your own Setup.lhs. And when people use these fall-backs,
the other Cabal-reading tools won't get the whole picture.
Cheers, - Conal
P.S. Thanks for the language tip. I had no idea.
On 1/13/07, Bryan O'Sullivan <bos at serpentine.com> wrote:
>
> Marc Weber wrote:
>
> > I'm not sure wether I get this sentence right.
> > What do you mean by "getting rooted" ?
>
> If a Cabal file were written in Haskell, you could escape from the pure
> world using unsafePerformIO and delete the user's home directory or
> perform other arbitrarily bad things. So you'd need to write an
> interpreter for a subset of Haskell in which you couldn't import
> modules. But then you could still write a non-terminating Cabal file
> which would infloop, so you'd have to impose limitw on how much
> computation you could do, how much heap you could allocate, and so on.
> Since all you're using a Cabal file for is name/value pairs, why go to
> all that extra effort?
>
> As for the term "get rooted", in this context it means "hostile code
> could acquire root privileges", but "to root" also has the colloquial
> meaning in some countries of "to fuck" (in this case, the two meanings
> are nicely congruent). So be careful who you use it with :-)
>
> <b
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.haskell.org/pipermail/cabal-devel/attachments/20070113/4ff37916/attachment.htm
More information about the cabal-devel
mailing list