#8310: Can we change the semantics of `Trustworthy`? -------------------------------------+------------------------------------ Reporter: ekmett | Owner: dterei Type: feature request | Status: new Priority: normal | Milestone: Component: Compiler | Version: 7.6.3 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: Unknown/Multiple Type of failure: None/Unknown | Difficulty: Unknown Test Case: | Blocked By: Blocking: | Related Tickets: -------------------------------------+------------------------------------ Comment (by dterei): @monoidal no trouble, yes I've been thinking it over and discussing with David Mazieres. There is a complication that isn't clear how to resolve. Mazieres is away in France right now so that's been delaying me. The problem. Imagine this situation. * `Data.ByteString` is marked and compiled as Trustworthy * module `A` imports Data.ByteString * module `A` is marked Trustworthy * module `A` resides in package P (and P only contains A) Assume that A could be inferred as `Safe`. Right now if you compile A with the following Safe Haskell flags you get these package trust dependencies: * Safe: bytestring, base * Trustworthy (ByteString imported without safe keyword): p * Trustworthy (ByteString imported with safe keyword): p, bytestring * (Inferred Safe): bytestring, base So if we changed it so `Trustworthy` marked modules could be inferred Safe, what package trust dependencies should be attached? Options: 1) bytestring, base 2) p 3) p, bytestring 4) p, bytestring, base It becomes unintuitive what packages you'll need to trust and that set will change unpredictably over time. Currently, package trust has a clear relationship and direct with `Trustworthy`, this change either makes that relation indirect, or confuses the boundary of `Safe` vs. `Trustworthy`. I'd love to hear any thoughts you or @ekmett have on this. -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/8310#comment:3 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler