new Library Infrastructure spec.
Simon Peyton-Jones
simonpj at microsoft.com
Wed Jun 2 03:49:55 EDT 2004
| > I like the simplicity but would also like the spec
| > to make it easy for me to guarantee that that I
| > don't end up running/installing malware.
| >
| > I think Haskell's typesystem and purity should
| > make it relatively easy to make sure that:
I don't think so, alas. The IO monad lets you do *anything*, and of
course Setup.lhs runs in the IO monad, else it would not be able to move
files or run a compiler.
So I'm not optimistic. Perhaps a package whose Setup.lhs did nothing
but import Distribution.Simple (which you perhaps trust) would be more
trustworthy than a big pile of goop.
But remember that you are installing a library that you will later
(presumably) run, and that might be bad too.
I'm not optimistic here.
Simon
More information about the Libraries
mailing list