
S. Alexander Jacobson wrote:

> I like the simplicity but would also like the spec to make it easy for me to guarantee that I don't end up running/installing malware.
> I think Haskell's type system and purity should make it relatively easy to make sure that:

We actually talked about exactly this idea (thanks to Ross) last month. I understand what you're looking for here, but I don't think you'll be able to get any extra security without unduly limiting the system...

> 1. installation has no side effects beyond making a module available for import

What about packages that install binary tools or data files? I don't want to limit the system to just libraries for the sake of this security feature.

> 2. import has no side effects beyond making functions in a module available

This is already true (besides some stuff with type classes, of course).

> 3. the installer and perhaps end-user is notified if functions in a module/package use unsafePerformIO or some equivalent, and perhaps what IO functions the IO monad code actually does use (if any).

This would be nice, but in the absence of this (which is outside the scope of this project, since it'll require changing the compilers), your (1) above becomes less useful, and we limit ourselves to just libraries for the sake of ineffective security. I have no idea how difficult all of that would be. Maybe some of the implementation authors can speak to that.

> I don't want to have to trust a random downloaded Setup.lhs (I don't want to have to read/understand its source), and I suspect it is easy enough to make sure that I don't have to.

I suspect that implementing real security here will be harder than it looks, and I don't want to delay the package infrastructure until all those problems are sorted out and the compilers implement them. For now, I'm afraid, trust is an all-or-nothing venture when it comes to running someone else's code. It would be really cool to have a "secure library infrastructure" which is more limited but which provides more guarantees. I just think it's overly ambitious for now.

peace, isaac