[Haskell-cafe] Cabal dependency hell

wren ng thornton wren at freegeek.org
Wed Apr 14 00:28:59 EDT 2010


Duncan Coutts wrote:
> On Sun, 2010-04-11 at 18:43 +0200, Maciej Piechotka wrote:
>>  - Privacy problem. I don't want the software to call home with data
>> without asking.
> 
> Obviously it is important that the data be anonymous and that we do not
> send stuff without the user's knowledge. While there is not any directly
> identifying information in the existing anonymous build reports, one has
> to be very careful with how much access the server provides to the
> reports or it may become possible to infer identifying information.

One possibility for mitigating the issues here is to have cabal present 
the entire message to the user for scrubbing prior to being 
submitted,[1] similar to how version control systems generally provide a 
summary of the patch (albeit uneditable) when asking for a patch 
description.

That poses other problems (e.g., reports which are too incomplete to be 
helpful or which are intentionally erroneous), and doesn't cover 
everything (e.g., taking advantage of outside knowledge that Duncan is 
one of the few users on Sparc/Linux), but it helps to solve the 
declassification problem (i.e., what data the user is willing to reveal 
to the server).


[1] Ideally in a way which allows scripting the scrubbing so folks can 
just specify preferences once. If we wanted to keep things simple for 
the implementors, then hooking into $EDITOR and assuming folks know how 
to script their favorite editor is one approach. Otherwise we'll want a 
(E)DSL that can be specified in config files.

-- 
Live well,
~wren


More information about the Haskell-Cafe mailing list