On Wed, Apr 9, 2014 at 1:15 PM, Erik Hesselink <hesselink@gmail.com> wrote:

On Wed, Apr 9, 2014 at 12:11 PM, Michael Snoyman <michael@snoyman.com> wrote:
> 3. You have yet to demonstrate a single example of breakage to the HP that
> would be caused by including tls.

I don't want to get involved in the arguments about the other
technicalities, but we've had breakages with the tls suite of packages
in the past due to lack of upper bounds. Here's one quoted from an
email to Vincent Hanquez:

The problem was that tls 1.1.2 doesn't list an upper bound on its
crypto-pubkey dependency, but
doesn't build with the new 0.2.* releases.

I'm not arguing about upper bounds in general. I don't dispute (and never had!) that upper bounds can in many cases allow builds to succeed where they would otherwise fail. I'm speaking specifically about the case of the Haskell Platform, which makes all version bounds in the package itself irrelevant by hard-coding exact versions of all dependencies.

Michael