---------- Forwarded message ----------
From: Michael Orlitzky <michael <at> orlitzky.com>
Date: Sun, Nov 18, 2012 at 1:15 AM
Subject: Re: [Haskell-cafe] How to determine correct dependency versions for a library?
To: haskell-cafe <at> haskell.org
Replying somewhere random in the thread.
Linux distributions have to solve this same problem. We first need to
decide what Hackage's function is supposed to be:
(1) A dumb repository to host Haskell code
(2) A collection of Haskell packages that work together
In reality it's (1), but the existence of cabal-install supposes (2).
The way that distributions handle this is to assign maintainers to each
and every package in the distro, and require them all to be actively
maintained. Packages that don't build or have unresponsive upstreams are
removed. Maintainers who don't do their jobs are removed after a while, too.
The end result is that there are somewhat fewer packages /visible/ to
the user, but a comparable amount /available/, since what's in the
distro is what actually would have worked if the user tried to build it
I think there's value to having (1), but that we shouldn't expect (2) at
the same time. Tons of work goes into QA'ing packages to work together.
Someone needs to be responsible for making sure that things work; right
now no one is, so they don't.
Running a "Haskell distro" on a parallel Hackage would be a lot of work
but Arch, Debian, Gentoo, etc. already have to do essentially that. It
may make sense to either consolidate the effort, or reuse what work is
already being done. The gentoo-haskell project already keeps a list
of packages that are known to build from source together. Something like
prefix for example could be used to install packages that have been
vetted rather than just pulling a tarball with the right name directly
Or if that's too much trouble, we could write a reverse hackport that
creates a second Hackage full of stuff known to work in the various
distributions. No solution will be great at first, but we have the
"benefit" that it doesn't work right now either so maybe nobody will notice.
Without everyone duplicating the QA effort, I think things would shape