Making cabal-install SSL capable

Yitzchak Gale gale at
Thu Apr 30 10:12:09 UTC 2015

As a user of both http-client and tls, I can vouch for having
very good experience with both, and I thank Michael
for his offer. I prefer that option.

However -

Both extra Haskell dependencies and C dependencies are a
problem for cabal-install.

The reason is that cabal is a basic requirement to
bootstrap a Haskell installation from scratch. So either of those
will make life very much harder for distro packagers, builders
of Haskell Platform or other such from-scratch installation
options, and anyone who needs to get a Haskell
tool chain installed on a platform that is non-standard in some

So I suggest that we have basic cabal-install - perhaps stripped
down even more than it is now - which is designed for easy
porting, with no C dependency and minimal Haskell

Furthermore, that basic cabal-install does need some SSL
option - probably Gershom's shell-out option, even though
I don't prefer that for every day use, because it can be
implemented with minimal dependencies. The reason is the
same - for porting. Once you have cabal-install-basic installed,
the only thing you may ever use it for is a one-time installation
of full cabal-install. But that's a very sensitive installation - if that
is compromised, you're hosed. So if there's any time you need
SSL, it's then.

In summary - I vote for cabal-install-basic with no C deps,
very minimal Haskell deps, possibly stripped-down cabal
functionality if needed, and a simple SSL shell-out option designed
for maximum portability. And then, one or more full-featured
cabal-install packages, with one of them being the tls option.


More information about the cabal-devel mailing list