Haskell Platform proposal: Add the vector package

Gregory Collins greg at gregorycollins.net
Fri Jul 13 06:35:55 CEST 2012


Hi Simon,

On Thu, Jul 12, 2012 at 10:43 PM, Simon Marlow <marlowsd at gmail.com> wrote:
> Safe Haskell isn't about catching bugs.  It's about making it possible to
> program with stronger guarantees than we currently have.

...

> Normally when you use an unsafe feature, the purpose is to use it to
> implement a safe API - if that's the case, all you have to do is add
> Trustworthy to your language pragma, and the API is available to use from
> Safe code.
>

The issue I think Johan is complaining about is that this is a very weak
sauce. If some muppet can upload a package on Hackage that dereferences
nullPtr and just slap a "{-# LANGUAGE Trustworthy #-}" on the top, then
we're back exactly where we were before: library users must trust library
maintainers and/or carefully security audit the code they rely on. If
you're asking library authors to do a lot of work to rearchitect their
module namespaces, and increasing their maintenance overhead for the 6-12
months a deprecation cycle would take, I think you have to have a
compelling story to offer about how life will be better in the end.

Now, if functions could be cryptographically *signed*, meaning that "user X
asserts that he's audited this code and it's actually safe", then you could
start building the web of trust necessary for this feature to be useful.
(Of course, the code would have to be re-signed every time code it depends
on changed..... I don't actually think this would work!).

As it stands, one miscreant can cause a lot of damage, especially when you
consider that right now anyone can upload any version of any package to
Hackage --- Safe Haskell or not.

G
-- 
Gregory Collins <greg at gregorycollins.net>
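To make the mechanics under discussion concrete, here is an added example (mine, not code from the thread, from GHC, or from the vector package) showing what the Trustworthy pragma actually does and does not do. The module names Unchecked and Consumer and the functions in them are invented for the illustration. The first module carries unsafe primitives behind a Trustworthy pragma; the second is compiled with Safe and is allowed to call it, even though one of the exported functions is not sound. GHC records the author's claim, it does not check it.

```haskell
-- File: Unchecked.hs  (hypothetical module, constructed for this example)
{-# LANGUAGE Trustworthy #-}
-- Trustworthy means: the module author asserts that the exported API is safe
-- even though the implementation uses unsafe primitives. The compiler does
-- not verify this assertion; it only records it for the Safe import check.
module Unchecked (safeLength, peekFirstByte) where

import Foreign.Ptr (Ptr)
import Foreign.Storable (peek)
import Data.Word (Word8)
import System.IO.Unsafe (unsafePerformIO)

-- A wrapper that genuinely is safe: pure and total, nothing unsafe escapes.
safeLength :: [a] -> Int
safeLength = length

-- A wrapper that is NOT safe: it dereferences whatever pointer it is handed
-- inside unsafePerformIO. The Trustworthy pragma above nevertheless makes it
-- callable from Safe code, which is the weakness the mail describes.
peekFirstByte :: Ptr Word8 -> Word8
peekFirstByte p = unsafePerformIO (peek p)


-- File: Consumer.hs  (hypothetical module, constructed for this example)
{-# LANGUAGE Safe #-}
-- Under -XSafe, GHC rejects any import of a module that is neither Safe
-- (inferred or declared) nor Trustworthy. The direct route to unsafe
-- primitives is therefore closed:
--
--   import System.IO.Unsafe (unsafePerformIO)   -- rejected by -XSafe
--
-- but the indirect route through a Trustworthy module stays open.
module Consumer (countArgs, firstByte) where

import Foreign.Ptr (Ptr)
import Data.Word (Word8)
import Unchecked (safeLength, peekFirstByte)

countArgs :: [String] -> Int
countArgs = safeLength

-- Type-checks and compiles as Safe code, yet inherits peekFirstByte's
-- unsoundness: the safety guarantee is only as good as Unchecked's author.
firstByte :: Ptr Word8 -> Word8
firstByte = peekFirstByte

-- Build (assumed invocation):
--   ghc -c Unchecked.hs
--   ghc -c Consumer.hs
--
-- The check that makes the trust decision explicit is the separate
-- -fpackage-trust flag: with it enabled, a Trustworthy module is honoured
-- only if the package it lives in has been marked trusted by the user
-- (ghc-pkg trust <pkg>, or -trust <pkg> on the command line). That does not
-- audit the code either, but it turns "trust every maintainer who typed
-- Trustworthy" into a per-package decision that the build can refuse.
```

The point to take from the two files is that the Safe/Trustworthy split moves the question rather than answering it: the compiler enforces the boundary, but whether what sits behind a Trustworthy pragma deserves the label is decided entirely by the person who wrote it and, with -fpackage-trust, by the person who chose to trust that package.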