Delaying 7.10?

Bardur Arantsson spam at scientician.net
Thu Jan 29 18:27:26 UTC 2015 

On 01/29/2015 06:58 PM, Simon Peyton Jones wrote:
> Friends
> In a call with a bunch of type hackers, we were discussing
>                https://ghc.haskell.org/trac/ghc/ticket/9858
> This is a pretty serious bug.  It allows a malicious person to construct his own unsafeCoerce, and so completely subverts Safe Haskell.
> Actually there are two bugs (see comment:19).  The first is easily fixed.  But the second is not.
> We explored various quick fixes, but the real solution is not far out of reach.  It amounts to this:
> 

I'm definitely not qualified to "vote" on this, but out of curiosity is
this something which will affect *existing* and *deployed* (or, I guess,
soon-to-be-deployed-after-being-recompiled-with-7.10-without-changes)
code? It it something which will "just" affect Try Haskell and similar
initiatives which must use Safe Haskell to avoid trivial DoS and
exploitation?

Would the "do not derive Typeable for polykinded type constructors"
break huge amounts of existing pre-7.10 code, etc.?

It's pretty hard to evaluate *consequences* of available choices from
the Trac thread, so maybe a little write-up of what the current choices
(and consequences) are would be in order.

> But (a) it's serious and, as it happens, (b) there is also the BBP Prelude debate going on.
> Hence the question: should we simply delay 7.10  by, say, a month?  After all, the timetable is up to us.  Doing so might give a bit more breathing space to the BBP debate, which might allow time for reflection and/or implementation of modest features to help the transition.  (I know that several are under discussion.)  Plus, anyone waiting for 7.10 can simply use RC2, which is pretty good.
> Would that be a relief to the BBP debate?  Or any other opinions.
> Simon
> PS: I know, I know: there is endless pressure to delay releases to get stuff in.  If we give in to that pressure, we never make a release.  But we should know when to break our own rules.  Perhaps this is such an occasion.

As a mostly disinterested observer of the BBP debate, I'd say letting
that influence a decision on this matter is veering somewhat close to
"endless pressure to delay releases to get stuff in" -- either the issue
is serious enough on its own or it isn't.

I understand and acknowledge that there are valid arguments on either
side and that reasonable people can disagree on these matters :). I'm
just offering an opinion.

Regards,

More information about the ghc-devs mailing list