[Haskell-cafe] Fwd: Fwd: Compatibility etiquette for apps, with cabal sandboxes and `stack`

Paolo Giarrusso p.giarrusso at gmail.com
Sun Nov 29 23:11:58 UTC 2015


On 29 November 2015 at 20:12, Michael Orlitzky <michael at orlitzky.com> wrote:
> On 11/29/2015 01:37 PM, Omari Norman wrote:
>>
>> Distribution packagers are savvy enough to use stack.
>
> Ignoring the question of *how* that might work, most distributions
> forbid bundled dependencies because it creates a maintenance nightmare
> and fills our users' machines with untraceable security vulnerabilities.

But doesn't Haskell do static linking (usually) and cross-module
inlining? Or are you fine with static linking as long as it's somehow
tracked by the package manager, so that upgrading some-vuln-lib from
1.0 to 1.1 forces upgrading all client programs (looks quite doable at
least with Debian packages)?

--
Paolo G. Giarrusso - Ph.D. Student, Tübingen University
http://ps.informatik.uni-tuebingen.de/team/giarrusso/
