[Haskell-cafe] Hackage inconsistent? (pandoc.cabal in 1.13.1)

Magnus Therning magnus at therning.org
Mon Oct 27 18:47:51 UTC 2014

On Mon, Oct 27, 2014 at 02:30:29PM -0400, mantkiew at gsd.uwaterloo.ca wrote:
> On Hackage you can adjust bounds of dependencies without having to
> upload a new package version and that was done in consistently with
> github repo.

I notice there already is a discussion on the danger of allowing
modifications like this, in particular related to reproducibility of
builds [1].

I have to say I really do hope that a solution is found where I can
go back to trusting version numbers that still allows minor tweaks.

The current situation is particularly irritating.  Up until now it was
safe to use the index to inspect Cabal files, because the Cabal file
found in the index was the same as the one found in the package tar
ball.  Removing this relationship is a *big* change!  Is there any
chance of it being restored?


[1]: https://github.com/haskell/hackage-server/issues/52

Magnus Therning                      OpenPGP: 0xAB4DFBA4 
email: magnus at therning.org   jabber: magnus at therning.org
twitter: magthe               http://therning.org/magnus

Most software today is very much like an Egyptian pyramid with
millions of bricks piled on top of each other, with no structural
integrity, but just done by brute force and thousands of slaves.
     -- Alan Kay
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20141027/fc3cb50e/attachment.sig>

More information about the Haskell-Cafe mailing list