#15567: security of package environment files -------------------------------------+------------------------------------- Reporter: joeyhess | Owner: (none) Type: bug | Status: new Priority: high | Milestone: 8.6.1 Component: Compiler | Version: 8.2.2 Resolution: | Keywords: Operating System: Unknown/Multiple | Architecture: | Unknown/Multiple Type of failure: None/Unknown | Test Case: Blocked By: | Blocking: Related Tickets: | Differential Rev(s): Wiki Page: | -------------------------------------+------------------------------------- Comment (by svenpanne): The environment files were not "invented" in any way, they are just an idea copied from Python (probably) in a bad way. The crucial point is: To keep things reproducible and don't accidentally break perfectly fine Haskell scripts/tools/etc., which just happen to be run in the "wrong" working directory, ''opt-out'' is the wrong way to go. I totally understand the motivation of having a "virtual environment"-like feature, which is a great thing in itself, but by all means: Make this explicit, otherwise it's a horrible misfeature, something which other language infrastructures have already learned. I think I'm not alone in this view, see https://github.com/haskell/cabal/issues/4542. I really challenge the idea that virtual environments would be useless when you have to opt-in: This is what e.g. Python people happily do. Clearly documenting e.g. `cabal new-repl`, `cabal new-run` and a few words about how to use `direnv`for people wanting some automatism should be doable. Combine this with ''opt-in'' as the default, and everybody will be happy... -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/15567#comment:4 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler