[Haskell-cafe] security update practice?
Adam Bergmark
adam at bergmark.nl
Wed Jul 9 23:01:12 UTC 2014
On Wed, Jul 9, 2014 at 5:23 AM, Carter Schonwald <carter.schonwald at gmail.com
> wrote:
> You can actually mark specific package releases deprecated on hackage.
> Which prevents cabal from picking it as part of a build plan. This of
> course doesn't handle the dissemination issue of course.
A deprecated version is not a hard constraint. In particular Cabal seems to
prefer installed versions over deprecations, so in a lot of cases the
deprecated versions will still be picked.
> On Tuesday, July 8, 2014, Mark Wotton <mwotton at gmail.com> wrote:
>
>> Hi all,
>>
>> there was a security update to the underlying library to one of my
>> bindings last night (lz4) and it got me thinking - how do we handle
>> security updates as a community? I typically find out from IRC or
>> twitter now, which isn't particularly reliable. Might it be possible
>> to mark an update on Hackage as a security update rather than feature
>> update?
>>
>> cheers
>> Mark
>>
>> --
>> A UNIX signature isn't a return address, it's the ASCII equivalent of a
>> black velvet clown painting. It's a rectangle of carets surrounding a
>> quote from a literary giant of weeniedom like Heinlein or Dr. Who.
>> -- Chris Maeda
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe at haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20140710/3283ad0f/attachment.html>
More information about the Haskell-Cafe
mailing list