Re: mtl-2.1 severly broken, cabal needs blacklisting

On Tue, 13 Nov 2012, Bas van Dijk wrote:

On 13 November 2012 17:27, Andreas Abel wrote:

...

This calls for a means of blacklisting broken or malicious packages.

cabal update

should also pull a blacklist of packages that will never be selected by cabal install (except maybe by explicit user safety overriding).

Maybe we can use the existing preferred-versions file that cabal-install uses:

http://hackage.haskell.org/packages/archive/preferred-versions

It is also possible to deprecate a package. Is it possible to deprecate a single version? I'm afraid that the user is also not warned if he installs a deprecated package.