Adding a security fix in general is going to be tough since you'd have to rebuild all of the packages that the user has that depend on that package or else it would be instant cabal hell (which is basically why platform releases work best with different compiler versions). One alternative would be for the platform to add some artificial stuff to the GHC version so that its package db doesn't clash with anything else…

On Wednesday, July 9, 2014, Alois Cochard <alois.cochard@gmail.com> wrote:

I think it's an issue since I learnt that the platform cannot be updated on its own (needs a new GHC version)...

How can we integrate a security fix in the platform?... We can't...

On Jul 9, 2014 2:47 AM, "Mark Wotton" <mwotton@gmail.com> wrote:
Hi all,

there was a security update to the underlying library to one of my
bindings last night (lz4) and it got me thinking - how do we handle
security updates as a community? I typically find out from IRC or
twitter now, which isn't particularly reliable. Might it be possible
to mark an update on Hackage as a security update rather than feature
update?

cheers
Mark

--
A UNIX signature isn't a return address, it's the ASCII equivalent of a
black velvet clown painting. It's a rectangle of carets surrounding a
quote from a literary giant of weeniedom like Heinlein or Dr. Who.
        -- Chris Maeda
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe