A safety issue of that magnitude is a valid reason to hold up a release at the last minute IMHO.
Manuel

> Simon Peyton Jones <simo...@microsoft.com>:
>
> Friends
>
> In a call with a bunch of type hackers, we were discussing
>
> https://ghc.haskell.org/trac/ghc/ticket/9858
>
> This is a pretty serious bug. It allows a malicious person to construct his
> own unsafeCoerce, and so completely subverts Safe Haskell.
>
> Actually there are two bugs (see comment:19). The first is easily fixed.
> But the second is not.
>
> We explored various quick fixes, but the real solution is not far out of
> reach. It amounts to this:
>
> · Every data type is automatically in Typeable. No need to say
>   “deriving(Typeable)” or “AutoDeriveTypeable” (which would become deprecated)
>
> · In implementation terms, the constraint solver treats Typeable
>   specially, much as it already treats Coercible specially.
>
> It’s not a huge job. It’d probably take a couple of days of implementation
> work, and some time for shaking out bugs and consequential changes. The
> biggest thing might be simply working out implementation design choices.
> (For example, there is a modest code-size cost to making everything Typeable,
> esp because that includes the data constructors of the type (which can be
> used in types, with DataKinds). Does that matter? Should we provide a way
> to suppress it? If so, we’d also need a way to express whether or not the
> Typeable instance exists in the interface file.)
>
> But it is a substantial change that will touch a lot of lines of code.
> Moreover, someone has to do it, and Iavor (who heroically volunteered)
> happens to be travelling next week.
>
> So it’s really not the kind of thing we would usually do after RC2.
>
> But (a) it’s serious and, as it happens, (b) there is also the BBP Prelude
> debate going on.
>
> Hence the question: should we simply delay 7.10 by, say, a month? After
> all, the timetable is up to us. Doing so might give a bit more breathing
> space to the BBP debate, which might allow time for reflection and/or
> implementation of modest features to help the transition. (I know that
> several are under discussion.) Plus, anyone waiting for 7.10 can simply use
> RC2, which is pretty good.
>
> Would that be a relief to the BBP debate? Or any other opinions.
>
> Simon
>
> PS: I know, I know: there is endless pressure to delay releases to get stuff
> in. If we give in to that pressure, we never make a release. But we should
> know when to break our own rules. Perhaps this is such an occasion.
>
> _______________________________________________
> ghc-devs mailing list
> ghc-devs@haskell.org
> http://www.haskell.org/mailman/listinfo/ghc-devs