On Tue, Oct 8, 2013 at 10:40 AM, Adam Foltzer <acfolt...@gmail.com> wrote:
> Would this cause `cabal build` to fetch dependencies if some are missing
> locally? We'd want to see a similar way to disable that behavior for
> security-sensitive environments as well. Reproducibility and isolation are
> our primary concerns for certain projects.

Yes, without the flag enabled cabal build, when used in a sandbox, will install packages from remote-repo (e.g. Hackage).

>> On Tue, Oct 8, 2013 at 9:46 AM, Adam Foltzer <acfolt...@gmail.com> wrote:
>> > Hello,
>> >
>> > With the wonderful advent of sandboxes in mainline cabal, I'd like to see
>> > what folks think of a flag to disable remote fetching of dependencies. The
>> > idea is that one could `cabal sandbox add-source` a set of trusted
>> > dependencies, and then be assured that a subsequent `cabal install
>> > --no-remote-fetching` would *only* resolve dependencies in that trusted
>> > set.
>> >
>> > I'd be willing to explore implementing this myself, if it would be
>> > appropriate for a first-time cabal hacker. I'm also quite interested to hear
>> > whether this would be a useful feature for others, or other ways you might
>> > propose to address the problem.
>> >
>> > I also understand that I can get this behavior by modifying the
>> > ~/.cabal/config, but this is a kludgey approach that is not workable in all
>> > deployment environments.
>> >
>> > Thanks!
>> > Adam
>> >
>> > _______________________________________________
>> > cabal-devel mailing list
>> > cabal-devel@haskell.org
>> > http://www.haskell.org/mailman/listinfo/cabal-devel