#194: add sanity checking to version numbers ----------------------------+----------------------------------------------- Reporter: duncan | Owner: Type: defect | Status: new Priority: normal | Milestone: Component: Cabal library | Version: 1.2.3.0 Severity: normal | Resolution: Keywords: | Difficulty: very easy (<1 hour) Ghcversion: 6.8.1 | Platform: Linux ----------------------------+----------------------------------------------- Comment (by duncan): Turns out that there are zero packages in hackage with this kind of dodgy version number. So instead of warning we could just make it a parse error without much worry about breaking old packages. That'd be a good deal simpler. I tested with a little script `foo.hs`: {{{ import Distribution.Version import Data.Char main = do ls <- return . lines =<< getContents print [ l | l <- ls , let l' = dropWhile isSpace l , show (readVersion l') == l' ] }}} and {{{ $ tar -xf 00-index.tar $ ls */*/*.cabal | wc -l 697 $ grep -ilh '^version:' */*/*.cabal | cut -d: -f 2 > versions $ wc -l versions 697 $ ./foo < vers [] }}} So we could make the version parser stricter. Something like this untested code: {{{ parseVersion = do branch <- sepBy1 digits (char '.') tags <- many (char '-' >> munch1 isAlphaNum) return Version{versionBranch=branch, versionTags=tags} where - digits = liftM read $ munch1 isDigit + digits = do leading <- satisfy isDigit + if leading == '0' + then return 0 + else do remaining <- munch isDigit + return (read (leading : remaining)) }}} ie only allow numbers -- Ticket URL: http://hackage.haskell.org/trac/hackage/ticket/194#comment:1 Hackage http://haskell.org/cabal/ Hackage: Cabal and related projects