Re: [Haskell-cafe] Fwd: Fwd: Compatibility etiquette for apps, with cabal sandboxes and `stack`

On 11/29/2015 06:11 PM, Paolo Giarrusso wrote:

On 29 November 2015 at 20:12, Michael Orlitzky wrote:

...

On 11/29/2015 01:37 PM, Omari Norman wrote:

...

Distribution packagers are savvy enough to use stack.

Ignoring the question of *how* that might work, most distributions forbid bundled dependencies because it creates a maintenance nightmare and fills our users' machines with untraceable security vulnerabilities.

But doesn't Haskell do static linking (usually) and cross-module inlining? Or are you fine with static linking as long as it's somehow tracked by the package manager, so that upgrading some-vuln-lib from 1.0 to 1.1 forces upgrading all client programs (looks quite doable at least with Debian packages)?

GHC does dynamic linking now, but I'm OK with static linking as long as it's tracked. The end result is the same as if you had dynamic linking, only with a lot more wasted space and rebuilds/reinstalls.