new Library Infrastructure spec.

S. Alexander Jacobson haskell at alexjacobson.com
Tue Jun 1 18:26:17 EDT 2004


I like the simplicity but would also like the spec
to make it easy for me to guarantee that that I
don't end up running/installing malware.

I think Haskell's typesystem and purity should
make it relatively easy to make sure that:

1. installation has no sideeffects beyond
   making a module available for import

2. import has no sideeffects beyond making
   functions in a module available

3. the installer and perhaps end-user is notified
   if functions in a module/package use
   unsafeperformIO or some equivalent and perhaps
   what IO functions the IO monad code actually
   does use (if any).

I don't want to have to trust a random downloaded
Setup.lhs (I don't want to have to read/understand
its source) and I suspect it is easy enough to
make sure that I don't have to.

-Alex-

PS I know that other languages require that lib
users trust lib authors and have been succesful
nonetheless, but I don't think we have to impost
that requirement.  Combined with quickcheck and
other Haskell verification tools, that guarantees
the functionality of a lib, we should be able to
have a really really awesome Haskell lib
infrastructure.

_________________________________________________________________
S. Alexander Jacobson                  mailto:me at alexjacobson.com
tel:917-770-6565                       http://alexjacobson.com


More information about the Libraries mailing list