You can actually mark specific package releases deprecated on hackage. Which prevents cabal from picking it as part of a build plan. This of course doesn&#39;t handle the dissemination issue of course. <span></span><br><br>
On Tuesday, July 8, 2014, Mark Wotton &lt;<a href="mailto:mwotton@gmail.com">mwotton@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi all,<br>

<br>
there was a security update to the underlying library to one of my<br>
bindings last night (lz4) and it got me thinking - how do we handle<br>
security updates as a community? I typically find out from IRC or<br>
twitter now, which isn&#39;t particularly reliable. Might it be possible<br>
to mark an update on Hackage as a security update rather than feature<br>
update?<br>
<br>
cheers<br>
Mark<br>
<br>
--<br>
A UNIX signature isn&#39;t a return address, it&#39;s the ASCII equivalent of a<br>
black velvet clown painting. It&#39;s a rectangle of carets surrounding a<br>
quote from a literary giant of weeniedom like Heinlein or Dr. Who.<br>
        -- Chris Maeda<br>
_______________________________________________<br>
Haskell-Cafe mailing list<br>
<a href="javascript:;" onclick="_e(event, &#39;cvml&#39;, &#39;Haskell-Cafe@haskell.org&#39;)">Haskell-Cafe@haskell.org</a><br>
<a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
</blockquote>