[Haskell-cafe] Idea for hackage feature

Conrad Parker conrad at metadecks.org
Thu Sep 16 21:29:34 EDT 2010

On 17 September 2010 10:12, Ben Millwood <haskell at benmachine.co.uk> wrote:
> On Fri, Sep 17, 2010 at 1:44 AM, Ivan Lazar Miljenovic
> <ivan.miljenovic at gmail.com> wrote:
>> On 17 September 2010 03:18, Henning Thielemann
>>> My suggestion is to move the Unsafe modules to a new package 'unsafe'.
>>> Then you can easily spot all "dirty" packages by looking at reverse
>>> dependencies of 'unsafe'.
>> Hooray, yet another supposedly stand-alone library that GHC will
>> depend on and thus can't be upgraded anyway, so there's no real
>> advantage of making it stand-alone (after all, doesn't base use
>> unsafeInterleaveIO or something for lazy IO?).
> Well, it's not like we plan on regularly fiddling that API :)
> The clever thing about this suggestion is that most packages don't
> *export* equivalent power to unsafePerformIO even if they import it
> (inlinePerformIO from bytestring is a notable exception) so you can
> easily see from a library's *immediate* dependencies whether it could
> potentially do anything naughty or not. Also, it's implementable
> entirely with existing technology, although we'll probably want a
> major base version bump to remove the modules.

Couldn't that information be discovered by Hackage simply grepping the
sources? Surely if all you want to know is if a package calls
unsafePerformIO directly, that is the simplest way. Grepping would
also find callers of inlinePerformIO, which would be far more useful
than tainting every package that depends on bytestring just because it
might call that function.



More information about the Haskell-Cafe mailing list