[Haskell-cafe] security update practice?

Carter Schonwald carter.schonwald at gmail.com
Wed Jul 9 03:23:59 UTC 2014


You can actually mark specific package releases deprecated on hackage.
Which prevents cabal from picking it as part of a build plan. This of
course doesn't handle the dissemination issue of course.

On Tuesday, July 8, 2014, Mark Wotton <mwotton at gmail.com> wrote:

> Hi all,
>
> there was a security update to the underlying library to one of my
> bindings last night (lz4) and it got me thinking - how do we handle
> security updates as a community? I typically find out from IRC or
> twitter now, which isn't particularly reliable. Might it be possible
> to mark an update on Hackage as a security update rather than feature
> update?
>
> cheers
> Mark
>
> --
> A UNIX signature isn't a return address, it's the ASCII equivalent of a
> black velvet clown painting. It's a rectangle of carets surrounding a
> quote from a literary giant of weeniedom like Heinlein or Dr. Who.
>         -- Chris Maeda
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org <javascript:;>
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20140708/82e9176d/attachment.html>


More information about the Haskell-Cafe mailing list