[Haskell-cafe] mtl-2.1 severly broken, cabal needs blacklisting

Dan Burton danburton.email at gmail.com
Tue Nov 13 17:39:35 CET 2012


Mixed feelings here. I personally subscribe to the philosophy of "do one
thing and do it well"; perhaps this sort of functionality would be better
delegated to a new "curation" tool such as the one described in Michael
Snoyman's recent blog post.
http://www.yesodweb.com/blog/2012/11/solving-cabal-hell

-- Dan Burton (801-513-1596)


On Tue, Nov 13, 2012 at 9:27 AM, Andreas Abel <andreas.abel at ifi.lmu.de>wrote:

> After 2 days of shrinking 251 modules of source code to a few lines I
> realized that modify in MonadState causes <<loop>> in mtl-2.1.
>
>
> http://hackage.haskell.org/**packages/archive/mtl/2.1/doc/**
> html/src/Control-Monad-State-**Class.html#modify<http://hackage.haskell.org/packages/archive/mtl/2.1/doc/html/src/Control-Monad-State-Class.html#modify>
>
> The bug has been fixed, apparently seven month ago.
>
>   https://github.com/ekmett/mtl/**pull/1<https://github.com/ekmett/mtl/pull/1>
>
> However, the "malicious" mtl-2.1 still lingers on: it is available from
> hackage and installed in many systems.
>
> This calls for a means of blacklisting broken or malicious packages.
>
>   cabal update
>
> should also pull a blacklist of packages that will never be selected by
> cabal install (except maybe by explicit user safety overriding).
>
> I think such a mechanism is not only necessary for security purposes, but
> also to safe the valuable resources of our community.
>
> Cheers,
> Andreas
>
> --
> Andreas Abel  <><      Du bist der geliebte Mensch.
>
> Theoretical Computer Science, University of Munich
> Oettingenstr. 67, D-80538 Munich, GERMANY
>
> andreas.abel at ifi.lmu.de
> http://www2.tcs.ifi.lmu.de/~**abel/ <http://www2.tcs.ifi.lmu.de/~abel/>
>
> ______________________________**_________________
> Libraries mailing list
> Libraries at haskell.org
> http://www.haskell.org/**mailman/listinfo/libraries<http://www.haskell.org/mailman/listinfo/libraries>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20121113/cf2b0b8b/attachment.htm>


More information about the Haskell-Cafe mailing list