[GHC] #8310: Can we change the semantics of `Trustworthy`?

GHC ghc-devs at haskell.org
Tue Oct 15 05:27:35 UTC 2013 

#8310: Can we change the semantics of `Trustworthy`?
-------------------------------------+------------------------------------
        Reporter:  ekmett            |            Owner:  dterei
            Type:  feature request   |           Status:  new
        Priority:  normal            |        Milestone:
       Component:  Compiler          |          Version:  7.6.3
      Resolution:                    |         Keywords:
Operating System:  Unknown/Multiple  |     Architecture:  Unknown/Multiple
 Type of failure:  None/Unknown      |       Difficulty:  Unknown
       Test Case:                    |       Blocked By:
        Blocking:                    |  Related Tickets:
-------------------------------------+------------------------------------

Comment (by dterei):

 @monoidal no trouble, yes I've been thinking it over and discussing with
 David
 Mazieres. There is a complication that isn't clear how to resolve.
 Mazieres is
 away in France right now so that's been delaying me.

 The problem. Imagine this situation.
 * `Data.ByteString` is marked and compiled as Trustworthy
 * module `A` imports Data.ByteString
 * module `A` is marked Trustworthy
 * module `A` resides in package P (and P only contains A)

 Assume that A could be inferred as `Safe`.

 Right now if you compile A with the following Safe Haskell flags you get
 these package trust dependencies:

  * Safe: bytestring, base
  * Trustworthy (ByteString imported without safe keyword): p
  * Trustworthy (ByteString imported with safe keyword): p, bytestring
  * (Inferred Safe): bytestring, base

 So if we changed it so `Trustworthy` marked modules could be inferred
 Safe,
 what package trust dependencies should be attached?

 Options:

  1) bytestring, base
  2) p
  3) p, bytestring
  4) p, bytestring, base

 It becomes unintuitive what packages you'll need to trust and that set
 will
 change unpredictably over time.

 Currently, package trust has a clear relationship and direct with
 `Trustworthy`,
 this change either makes that relation indirect, or confuses the boundary
 of
 `Safe` vs. `Trustworthy`.

 I'd love to hear any thoughts you or @ekmett have on this.

--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8310#comment:3>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler

More information about the ghc-tickets mailing list