[Haskell-cafe] Fwd: Fwd: Compatibility etiquette for apps, with cabal sandboxes and `stack`

Michael Orlitzky michael at orlitzky.com
Sun Nov 29 23:24:52 UTC 2015

On 11/29/2015 06:11 PM, Paolo Giarrusso wrote:
> On 29 November 2015 at 20:12, Michael Orlitzky <michael at orlitzky.com> wrote:
>> On 11/29/2015 01:37 PM, Omari Norman wrote:
>>> Distribution packagers are savvy enough to use stack.
>> Ignoring the question of *how* that might work, most distributions
>> forbid bundled dependencies because it creates a maintenance nightmare
>> and fills our users' machines with untraceable security vulnerabilities.
> But doesn't Haskell do static linking (usually) and cross-module
> inlining? Or are you fine with static linking as long as it's somehow
> tracked by the package manager, so that upgrading some-vuln-lib from
> 1.0 to 1.1 forces upgrading all client programs (looks quite doable at
> least with Debian packages)?

GHC does dynamic linking now, but I'm OK with static linking as long as
it's tracked. The end result is the same as if you had dynamic linking,
only with a lot more wasted space and rebuilds/reinstalls.

More information about the Haskell-Cafe mailing list