[GHC] #15567: security of package environment files
GHC
ghc-devs at haskell.org
Sun Aug 26 17:41:51 UTC 2018
#15567: security of package environment files
-------------------------------------+-------------------------------------
Reporter: joeyhess | Owner: (none)
Type: bug | Status: new
Priority: high | Milestone: 8.6.1
Component: Compiler | Version: 8.2.2
Resolution: | Keywords:
Operating System: Unknown/Multiple | Architecture:
| Unknown/Multiple
Type of failure: None/Unknown | Test Case:
Blocked By: | Blocking:
Related Tickets: | Differential Rev(s):
Wiki Page: |
-------------------------------------+-------------------------------------
Comment (by svenpanne):
The environment files were not "invented" in any way, they are just an
idea copied from Python (probably) in a bad way. The crucial point is: To
keep things reproducible and don't accidentally break perfectly fine
Haskell scripts/tools/etc., which just happen to be run in the "wrong"
working directory, ''opt-out'' is the wrong way to go. I totally
understand the motivation of having a "virtual environment"-like feature,
which is a great thing in itself, but by all means: Make this explicit,
otherwise it's a horrible misfeature, something which other language
infrastructures have already learned. I think I'm not alone in this view,
see https://github.com/haskell/cabal/issues/4542.
I really challenge the idea that virtual environments would be useless
when you have to opt-in: This is what e.g. Python people happily do.
Clearly documenting e.g. `cabal new-repl`, `cabal new-run` and a few words
about how to use `direnv`for people wanting some automatism should be
doable. Combine this with ''opt-in'' as the default, and everybody will be
happy...
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/15567#comment:4>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
More information about the ghc-tickets
mailing list