[Haskell-cafe] Fwd: Fwd: Compatibility etiquette for apps, with cabal sandboxes and `stack`
Michael Orlitzky
michael at orlitzky.com
Sun Nov 29 23:24:52 UTC 2015
On 11/29/2015 06:11 PM, Paolo Giarrusso wrote:
> On 29 November 2015 at 20:12, Michael Orlitzky <michael at orlitzky.com> wrote:
>> On 11/29/2015 01:37 PM, Omari Norman wrote:
>>>
>>> Distribution packagers are savvy enough to use stack.
>>
>> Ignoring the question of *how* that might work, most distributions
>> forbid bundled dependencies because it creates a maintenance nightmare
>> and fills our users' machines with untraceable security vulnerabilities.
>
> But doesn't Haskell do static linking (usually) and cross-module
> inlining? Or are you fine with static linking as long as it's somehow
> tracked by the package manager, so that upgrading some-vuln-lib from
> 1.0 to 1.1 forces upgrading all client programs (looks quite doable at
> least with Debian packages)?
>
GHC does dynamic linking now, but I'm OK with static linking as long as
it's tracked. The end result is the same as if you had dynamic linking,
only with a lot more wasted space and rebuilds/reinstalls.
More information about the Haskell-Cafe
mailing list