Re: [Haskell-cafe] Safe Haskell?

3 May 2021

      Removing inference: yes, IMO it would be better then current state of
affairs. Please write a proposal.

However, `default-extensions: Safe` wouldn't just work. Often some
modules are just Trustworthy, or even plain out Unsafe (e.g. in bytestring)

    {-# LANGUAGE Safe #-}
    {-# LANGUAGE Trustworthy #-}

file errors with

     ghc: SH.hs:2:14-24: Incompatible Safe Haskell flags! (Safe,
Trustworthy)

(same if you ghc -XSafe TrustworthyModule.hs)

We can argue back and forth whether we should be able to override
Safe-Haskell status.
- Overriding would make sense, as -XHaskell2010 -XGHC2021 -XHaskell2010
works.
- OTOH, safety is peculiar, so there probably was a discussion
justifying current behavior, which is to prohibit overriding. (Probably
one argument is that if the extensions are in module, then sorting them
shouldn't change the result! with Safe Haskell it's harder to spot - you
have to write tests - than with mixing up Haskell98/2010/GHC2021).

Yet, I'll be happy with any option.

- Oleg

On 28.4.2021 21.07, Richard Eisenberg wrote:
...
...
On Apr 28, 2021, at 11:51 AM, Oleg Grenrus mailto:oleg.grenrus@iki.fi> wrote:
TL;DR Safe Haskell requires buy-in from every maintainer, but there are
barely
any users. For how much longer we need to run this "academic experiment"?
This is a good way to put it. The reason I've swung around in favor of
keeping what we have is that I think *some* structure like Safe
Haskell is needed for proper security. The idea is that an author
should have to trust only a few packages (like `bytestring`), and
these packages can advertise their wide level of trust in a central
location, like Hackage. This trust system exists now, but it's not
widely advertised. If we were to remove Safe Haskell, this trust
system would disappear, only (likely) to be replaced by a very similar
trust system required by the successor to Safe Haskell.
So, given the real costs associated with discussing how best to remove
the feature, then removing it, then having libraries remove it, seem
not quite worth it.
On the other hand, perhaps you've implicitly suggested something: just
disable Safe-inference. That is, every module starts off Unsafe. This
could easily be overridden at the package level with
default-extensions: Safe in a cabal file. If we had no safe-inference,
would that solve the library-level problems? It would certainly remove
a good deal of the complexity within GHC!
Richard