new Library Infrastructure spec.
S. Alexander Jacobson
haskell at alexjacobson.com
Tue Jun 1 18:26:17 EDT 2004
I like the simplicity but would also like the spec
to make it easy for me to guarantee that that I
don't end up running/installing malware.
I think Haskell's typesystem and purity should
make it relatively easy to make sure that:
1. installation has no sideeffects beyond
making a module available for import
2. import has no sideeffects beyond making
functions in a module available
3. the installer and perhaps end-user is notified
if functions in a module/package use
unsafeperformIO or some equivalent and perhaps
what IO functions the IO monad code actually
does use (if any).
I don't want to have to trust a random downloaded
Setup.lhs (I don't want to have to read/understand
its source) and I suspect it is easy enough to
make sure that I don't have to.
-Alex-
PS I know that other languages require that lib
users trust lib authors and have been succesful
nonetheless, but I don't think we have to impost
that requirement. Combined with quickcheck and
other Haskell verification tools, that guarantees
the functionality of a lib, we should be able to
have a really really awesome Haskell lib
infrastructure.
_________________________________________________________________
S. Alexander Jacobson mailto:me at alexjacobson.com
tel:917-770-6565 http://alexjacobson.com
More information about the Libraries
mailing list