SearchPath (was RE: hackage, cabal-get, and security)

S. Alexander Jacobson alex at alexjacobson.com
Wed May 18 12:58:36 EDT 2005 

On Wed, 18 May 2005, Simon Marlow wrote:
> On 17 May 2005 17:14, S. Alexander Jacobson wrote:
>> With SearchPath, you supply the URLs of the module maps you want to
>> use.  SearchPath then uses these map to locate, download and "install"
>> needed libraries without further user intervention.
>>
>> A module map is just a file mapping module names to the base URLs of
>> directories in which they reside.  If you want to supply the URL of a
>> particular version of a module map rather than "latest" you are free
>> to do that.
>
> But how do you know what module maps were being used by the author of
> the module you download?  Don't you have to download their module map
> file too?

With Cabal, if you download two packages, how do you know that they 
won't require conflicting versions of another module/package?

The reality is that, no matter what, you always have to assume that 
the user and author of a particular module/package need to live in 
basically the same universe of modules and packages.

The advantage of SearchPath over the status quo is that its module 
maps make this universe explicit and versionable rather than tacit and 
unidentifiable.

The value of explicit shared module maps is that you increase the 
likelihood that module authors and users will actually agree on module 
meanings.  For example, both author and user can use the map at 
haskell.org.  If they are in the same organization, they can ALSO use 
their organization's module map (inheriting some meanings from 
haskell.org and overriding others).  They can also use their 
division's module map inheriting from their organizations map, etc.

The implicit maps of Cabal's "build-depends" are an invitation for 
conflict.  You have no particularly good reason to assume that any two 
packages will be compatible.  Worse, you have no particularly good 
reason to assume that the user of your package will be able to *find* 
the packages on which it depends.  Thus you try to minimize code reuse.

SearchPath's explicit shared module maps makes it much less likely 
that author and user will end up with different meanings for a 
particular module name and make it much less likly that the user won't 
be able to resolve module dependencies, making code reuse much more 
likely.

-Alex-


______________________________________________________________
S. Alexander Jacobson tel:917-770-6565 http://alexjacobson.com

More information about the Libraries mailing list