claus.reinke at talk21.com
Mon Oct 20 15:20:08 EDT 2008
> The basic problem here is that the version number of the network package
> has not been bumped. ..
> .. Of course that's not true here because the package has
> changed without the version being bumped.
> Indeed the only reason it's trying to rebuild it at all is because the
> installed version has different deps from the available version, again
> due to the fact that it changed without changing version number.
> So the solution is for the updated network package to have its version
> bumped and for it to be released.
For ghc at least, couldn't cabal grep the hashes from the output of
find dist/ -name '*.hi' | xargs ghc --show-iface
and associate the collection of hashes for the exposed-modules and
cross-package imports with the version number, keeping a history of
would try to add the current version number with the current hashes,
complaining if the number already exists with different hashes
cabal sdist (and other distribution channels)
would check that the current version number is in the history with
the current hashes, and complain otherwise
Distributing packages without version number checks could result in
in "unverified" packages, so users would know that the dependencies
and version number haven't been checked (successful checks could
create a package signature based on .cabal+.history, or on the whole
Or are Ghc's new hashes non-portable/too specific?
More information about the Glasgow-haskell-users