SearchPath (was RE: hackage, cabal-get, and security)
Simon Marlow
simonmar at microsoft.com
Wed May 18 17:55:38 EDT 2005
On 18 May 2005 17:59, S. Alexander Jacobson wrote:
> On Wed, 18 May 2005, Simon Marlow wrote:
>> On 17 May 2005 17:14, S. Alexander Jacobson wrote:
>>> With SearchPath, you supply the URLs of the module maps you want to
>>> use. SearchPath then uses these map to locate, download and
>>> "install" needed libraries without further user intervention.
>>>
>>> A module map is just a file mapping module names to the base URLs of
>>> directories in which they reside. If you want to supply the URL of
>>> a particular version of a module map rather than "latest" you are
>>> free to do that.
>>
>> But how do you know what module maps were being used by the author of
>> the module you download? Don't you have to download their module map
>> file too?
>
> The reality is that, no matter what, you always have to assume that
> the user and author of a particular module/package need to live in
> basically the same universe of modules and packages.
So in fact I *cannot* locally modify my module map to use a different
version of an imported module. The module map is fixed and global,
although I can extend it locally.
So basically, there's no versioning, because everyone has to use the
same version of everything. Right? Well, except that I can enter into
a pact with another module author to use a certain version of a third
party's module, and we both have to remember that we have the pact
because the information doesn't travel with the module sources (unlike
Cabal, where dependencies are explicit, I might add).
> With Cabal, if you download two packages, how do you know that they
> won't require conflicting versions of another module/package?
As discussed before, the fact that you can't use two versions of a
package simultaneously is a missing feature in the implementation,
nothing more.
Cheers,
Simon
More information about the Libraries
mailing list