Making cabal-install SSL capable
Yitzchak Gale
gale at sefer.org
Thu Apr 30 10:12:09 UTC 2015
As a user of both http-client and tls, I can vouch for having
very good experience with both, and I thank Michael
for his offer. I prefer that option.
However -
Both extra Haskell dependencies and C dependencies are a
problem for cabal-install.
The reason is that cabal is a basic requirement to
bootstrap a Haskell installation from scratch. So either of those
will make life very much harder for distro packagers, builders
of Haskell Platform or other such from-scratch installation
options, and anyone who needs to get a Haskell
tool chain installed on a platform that is non-standard in some
way.
So I suggest that we have basic cabal-install - perhaps stripped
down even more than it is now - which is designed for easy
porting, with no C dependency and minimal Haskell
dependencies.
Furthermore, that basic cabal-install does need some SSL
option - probably Gershom's shell-out option, even though
I don't prefer that for every day use, because it can be
implemented with minimal dependencies. The reason is the
same - for porting. Once you have cabal-install-basic installed,
the only thing you may ever use it for is a one-time installation
of full cabal-install. But that's a very sensitive installation - if that
is compromised, you're hosed. So if there's any time you need
SSL, it's then.
In summary - I vote for cabal-install-basic with no C deps,
very minimal Haskell deps, possibly stripped-down cabal
functionality if needed, and a simple SSL shell-out option designed
for maximum portability. And then, one or more full-featured
cabal-install packages, with one of them being the tls option.
Thanks,
Yitz
More information about the cabal-devel
mailing list