Mixed feelings here. I personally subscribe to the philosophy of "do one
thing and do it well"; perhaps this sort of functionality would be better
delegated to a new "curation" tool such as the one described in Michael
Snoyman's recent blog post.
http://www.yesodweb.com/blog/2012/11/solving-cabal-hell
-- Dan Burton (801-513-1596)
On Tue, Nov 13, 2012 at 9:27 AM, Andreas Abel
After 2 days of shrinking 251 modules of source code to a few lines I realized that modify in MonadState causes <<loop>> in mtl-2.1.
http://hackage.haskell.org/**packages/archive/mtl/2.1/doc/** html/src/Control-Monad-State-**Class.html#modifyhttp://hackage.haskell.org/packages/archive/mtl/2.1/doc/html/src/Control-Mon...
The bug has been fixed, apparently seven month ago.
https://github.com/ekmett/mtl/**pull/1https://github.com/ekmett/mtl/pull/1
However, the "malicious" mtl-2.1 still lingers on: it is available from hackage and installed in many systems.
This calls for a means of blacklisting broken or malicious packages.
cabal update
should also pull a blacklist of packages that will never be selected by cabal install (except maybe by explicit user safety overriding).
I think such a mechanism is not only necessary for security purposes, but also to safe the valuable resources of our community.
Cheers, Andreas
-- Andreas Abel <>< Du bist der geliebte Mensch.
Theoretical Computer Science, University of Munich Oettingenstr. 67, D-80538 Munich, GERMANY
andreas.abel@ifi.lmu.de http://www2.tcs.ifi.lmu.de/~**abel/ http://www2.tcs.ifi.lmu.de/~abel/
______________________________**_________________ Libraries mailing list Libraries@haskell.org http://www.haskell.org/**mailman/listinfo/librarieshttp://www.haskell.org/mailman/listinfo/libraries