[Haskell-cafe] mtl-2.1 severly broken, cabal needs blacklisting

Andreas Abel andreas.abel at ifi.lmu.de
Tue Nov 13 17:27:10 CET 2012

After 2 days of shrinking 251 modules of source code to a few lines I 
realized that modify in MonadState causes <<loop>> in mtl-2.1.


The bug has been fixed, apparently seven month ago.


However, the "malicious" mtl-2.1 still lingers on: it is available from 
hackage and installed in many systems.

This calls for a means of blacklisting broken or malicious packages.

   cabal update

should also pull a blacklist of packages that will never be selected by 
cabal install (except maybe by explicit user safety overriding).

I think such a mechanism is not only necessary for security purposes, 
but also to safe the valuable resources of our community.


Andreas Abel  <><      Du bist der geliebte Mensch.

Theoretical Computer Science, University of Munich
Oettingenstr. 67, D-80538 Munich, GERMANY

andreas.abel at ifi.lmu.de

More information about the Haskell-Cafe mailing list