new Library Infrastructure spec.

Simon Peyton-Jones simonpj at
Wed Jun 2 03:49:55 EDT 2004

| > I like the simplicity but would also like the spec
| > to make it easy for me to guarantee that that I
| > don't end up running/installing malware.
| >
| > I think Haskell's typesystem and purity should
| > make it relatively easy to make sure that:

I don't think so, alas.  The IO monad lets you do *anything*, and of
course Setup.lhs runs in the IO monad, else it would not be able to move
files or run a compiler. 

So I'm not optimistic.  Perhaps a package whose Setup.lhs did nothing
but import Distribution.Simple (which you perhaps trust) would be more
trustworthy than a big pile of goop.

But remember that you are installing a library that you will later
(presumably) run, and that might be bad too.

I'm not optimistic here. 


More information about the Libraries mailing list