[Haskell-cafe] security update practice?
adam at bergmark.nl
Wed Jul 9 23:01:12 UTC 2014
On Wed, Jul 9, 2014 at 5:23 AM, Carter Schonwald <carter.schonwald at gmail.com
> You can actually mark specific package releases deprecated on hackage.
> Which prevents cabal from picking it as part of a build plan. This of
> course doesn't handle the dissemination issue of course.
A deprecated version is not a hard constraint. In particular Cabal seems to
prefer installed versions over deprecations, so in a lot of cases the
deprecated versions will still be picked.
> On Tuesday, July 8, 2014, Mark Wotton <mwotton at gmail.com> wrote:
>> Hi all,
>> there was a security update to the underlying library to one of my
>> bindings last night (lz4) and it got me thinking - how do we handle
>> security updates as a community? I typically find out from IRC or
>> twitter now, which isn't particularly reliable. Might it be possible
>> to mark an update on Hackage as a security update rather than feature
>> A UNIX signature isn't a return address, it's the ASCII equivalent of a
>> black velvet clown painting. It's a rectangle of carets surrounding a
>> quote from a literary giant of weeniedom like Heinlein or Dr. Who.
>> -- Chris Maeda
>> Haskell-Cafe mailing list
>> Haskell-Cafe at haskell.org
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Haskell-Cafe