I haven't carefully studied the reason, but the crypto-related packages cause us more build problems than any other family of packages. I'm sure we're not the only ones; that's probably why Greg and others were assuming that they don't comply.
The rampant lack of dependency upper bounds in these package make them extremely difficult and frustrating to install. If you try to install a package depending on tls that is older than a month or two, it's just a nightmare. One after the next, crypto packages trick cabal into committing early to a version that is too new, and then the build fails with some complex chain of broken dependencies. You fix that one in cabal.config, and repeat. Even if the wording about supplying upper bounds in PVP is "SHOULD", in my opinion that means MUST for inclusion in HP. Packages in HP are supposed to be stable. However, I would really like to see tls in HP. Why not just add the upper bounds? Thanks, Yitz On Thu, Apr 10, 2014 at 2:00 PM, Michael Snoyman <mich...@snoyman.com> wrote: > Starting a separate subject for this response so I don't drive Mark > absolutely crazy. > > > On Wed, Apr 9, 2014 at 3:19 PM, Vincent Hanquez <t...@snarc.org> wrote: >> >> On 2014-04-08 16:29, Gregory Collins wrote: >> >>> >>> >>> >>> Unfortunately the entire Haskell tls/crypto ecosystem doesn't obey the >>> Hackage package versioning policy and until this is fixed I think that issue >>> precludes it from being included in the platform. >>> >> >> First of, you might want to read up on the difference between the >> definition of policy and rules/law. "obey" doesn't have its place here. >> >> Second, the tls/crypto ecosystem is following most of the PvP apart from >> "3 Dependencies in Cabal". >> >> Third, The PvP doesn't actually *enforce* any requirements on >> dependencies. I can only see CAN, SHOULD, MAY in the section 3. >> On the other hand, you can find MUST in section "2 Versions numbers", and >> as far I'm concerned the tls/crypto ecosystem is following each requirements >> in this section. >> > > Reading that section myself, I have to say I agree with Vincent's > interpretation. It would seem therefore that the packages under question are > in fact in compliance with the requirements of the PVP, and therefore > there's no blocker to including tls in the platform in the future, > regardless of how you interpret the HP's statement "we follow the Haskell > Package Versioning Policy". > > So if someone wants to object to inclusion of tls, it would have to be on > technical grounds, rather than simply quoting a document. > > Michael > > _______________________________________________ > Libraries mailing list > librar...@haskell.org > http://www.haskell.org/mailman/listinfo/libraries > _______________________________________________ Haskell-platform mailing list Haskell-platform@projects.haskell.org http://projects.haskell.org/cgi-bin/mailman/listinfo/haskell-platform
