What's next?
Iustin Pop
iusty at k1024.org
Thu Sep 5 21:06:35 CEST 2013
On Wed, Sep 04, 2013 at 09:14:03PM -0700, Johan Tibell wrote:
> Hi all,
>
> With 1.18 out the door it's time to look towards the future. Here are
> the major themes I'd like to see us work on next:
[…]
> ## Do the right thing automatically
>
> The focus here should be on avoiding manual steps the cabal could do
> for the user.
>
> * Automatically install dependencies when needed. When `cabal build`
> would fail due to a missing dependency, just install this dependency
> instead of bugging the user to do it. This will probably have to be
> limited to sandboxes where we can't break the user's system
I'm not sure if here by sandbox and break you mean break the
cabal/package installation, or protect against malicious code.
If it's not the latter (and even if it is, how safe are the sandboxes?),
I would argue that until cabal can verify authenticity of downloaded
archives, it would be better to not do this automatically. Maybe add a
new command, cabal fetch-deps or something like that, that can do it,
but leave 'cabal build' as a "safe" command.
thanks,
iustin
More information about the cabal-devel
mailing list