SearchPath (was RE: hackage, cabal-get, and security)
S. Alexander Jacobson
alex at alexjacobson.com
Wed May 18 12:58:36 EDT 2005
On Wed, 18 May 2005, Simon Marlow wrote:
> On 17 May 2005 17:14, S. Alexander Jacobson wrote:
>> With SearchPath, you supply the URLs of the module maps you want to
>> use. SearchPath then uses these map to locate, download and "install"
>> needed libraries without further user intervention.
>> A module map is just a file mapping module names to the base URLs of
>> directories in which they reside. If you want to supply the URL of a
>> particular version of a module map rather than "latest" you are free
>> to do that.
> But how do you know what module maps were being used by the author of
> the module you download? Don't you have to download their module map
> file too?
With Cabal, if you download two packages, how do you know that they
won't require conflicting versions of another module/package?
The reality is that, no matter what, you always have to assume that
the user and author of a particular module/package need to live in
basically the same universe of modules and packages.
The advantage of SearchPath over the status quo is that its module
maps make this universe explicit and versionable rather than tacit and
The value of explicit shared module maps is that you increase the
likelihood that module authors and users will actually agree on module
meanings. For example, both author and user can use the map at
haskell.org. If they are in the same organization, they can ALSO use
their organization's module map (inheriting some meanings from
haskell.org and overriding others). They can also use their
division's module map inheriting from their organizations map, etc.
The implicit maps of Cabal's "build-depends" are an invitation for
conflict. You have no particularly good reason to assume that any two
packages will be compatible. Worse, you have no particularly good
reason to assume that the user of your package will be able to *find*
the packages on which it depends. Thus you try to minimize code reuse.
SearchPath's explicit shared module maps makes it much less likely
that author and user will end up with different meanings for a
particular module name and make it much less likly that the user won't
be able to resolve module dependencies, making code reuse much more
S. Alexander Jacobson tel:917-770-6565 http://alexjacobson.com
More information about the Libraries