Re: [Haskell-cafe] security update practice?

Adding a security fix in general is going to be tough since you'd have to rebuild all of the packages that the user has that depend on that package or else it would be instant cabal hell (which is basically why platform releases work best with different compiler versions). One alternative would be for the platform to add some artificial stuff to the GHC version so that its package db doesn't clash with anything else… On Wednesday, July 9, 2014, Alois Cochard wrote:

I think it's an issue since I learnt that the platform can not be update on his own (need a new GHC version)...

How can we integrate security fix in the platform?... We can't... On Jul 9, 2014 2:47 AM, "Mark Wotton" javascript:_e(%7B%7D,'cvml','mwotton@gmail.com');> wrote:

...

Hi all,

there was a security update to the underlying library to one of my bindings last night (lz4) and it got me thinking - how do we handle security updates as a community? I typically find out from IRC or twitter now, which isn't particularly reliable. Might it be possible to mark an update on Hackage as a security update rather than feature update?

cheers Mark

-- A UNIX signature isn't a return address, it's the ASCII equivalent of a black velvet clown painting. It's a rectangle of carets surrounding a quote from a literary giant of weeniedom like Heinlein or Dr. Who. -- Chris Maeda _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org javascript:_e(%7B%7D,'cvml','Haskell-Cafe@haskell.org'); http://www.haskell.org/mailman/listinfo/haskell-cafe