Thread on Discourse - HIE file processing
David Christiansen
david at haskell.foundation
Mon Jul 31 09:05:20 UTC 2023
Dear GHC devs,
I think that having automated security advisory warnings from build tools
is important for Haskell adoption in certain industries. This can be done
based on build plans, but a package is really the wrong granularity - a
large, widely-used package might export a little-used definition that is
the subject of an advisory, and it would be good to warn only the users of
said definition (cf base and readFloat).
Tristan is exploring using HIE files to do this check, but I don't know if
you read Discourse, where he posted the question:
https://discourse.haskell.org/t/rfc-using-hie-files-to-list-external-declarations-for-cabal-audit/7147
Thanks!
David
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.haskell.org/pipermail/ghc-devs/attachments/20230731/2c6bfba1/attachment.html>
More information about the ghc-devs
mailing list