Why is there a cabal file at all?
Bryan O'Sullivan
bos at serpentine.com
Sat Jan 13 14:17:48 EST 2007
Marc Weber wrote:
> I'm not sure wether I get this sentence right.
> What do you mean by "getting rooted" ?
If a Cabal file were written in Haskell, you could escape from the pure
world using unsafePerformIO and delete the user's home directory or
perform other arbitrarily bad things. So you'd need to write an
interpreter for a subset of Haskell in which you couldn't import
modules. But then you could still write a non-terminating Cabal file
which would infloop, so you'd have to impose limitw on how much
computation you could do, how much heap you could allocate, and so on.
Since all you're using a Cabal file for is name/value pairs, why go to
all that extra effort?
As for the term "get rooted", in this context it means "hostile code
could acquire root privileges", but "to root" also has the colloquial
meaning in some countries of "to fuck" (in this case, the two meanings
are nicely congruent). So be careful who you use it with :-)
<b
More information about the cabal-devel
mailing list