mtl-2.1 severely broken, cabal needs blacklisting
Andreas Abel
andreas.abel at ifi.lmu.de
Tue Nov 13 17:27:10 CET 2012
After 2 days of shrinking 251 modules of source code to a few lines I
realized that modify in MonadState causes <<loop>> in mtl-2.1.
http://hackage.haskell.org/packages/archive/mtl/2.1/doc/html/src/Control-Monad-State-Class.html#modify
The bug has been fixed, apparently seven months ago.
https://github.com/ekmett/mtl/pull/1
However, the "malicious" mtl-2.1 still lingers on: it is available from
hackage and installed in many systems.
This calls for a means of blacklisting broken or malicious packages.
cabal update
should also pull a blacklist of packages that will never be selected by
cabal install (except maybe by explicit user safety overriding).
I think such a mechanism is not only necessary for security purposes,
but also to save the valuable resources of our community.
Cheers,
Andreas
--
Andreas Abel <>< You are the beloved human being.
Theoretical Computer Science, University of Munich
Oettingenstr. 67, D-80538 Munich, GERMANY
andreas.abel at ifi.lmu.de
http://www2.tcs.ifi.lmu.de/~abel/