On 29 November 2015 at 20:12, Michael Orlitzky
On 11/29/2015 01:37 PM, Omari Norman wrote:
Distribution packagers are savvy enough to use stack.
Ignoring the question of *how* that might work, most distributions forbid bundled dependencies because it creates a maintenance nightmare and fills our users' machines with untraceable security vulnerabilities.
But doesn't Haskell do static linking (usually) and cross-module inlining? Or are you fine with static linking as long as it's somehow tracked by the package manager, so that upgrading some-vuln-lib from 1.0 to 1.1 forces upgrading all client programs (looks quite doable at least with Debian packages)? -- Paolo G. Giarrusso - Ph.D. Student, Tübingen University http://ps.informatik.uni-tuebingen.de/team/giarrusso/ -- Paolo G. Giarrusso - Ph.D. Student, Tübingen University http://ps.informatik.uni-tuebingen.de/team/giarrusso/