Feature Idea: --no-remote-fetching flag
Johan Tibell
johan.tibell
Tue Oct 8 16:54:02 UTC 2013
I would like for there to be a both a command line flag and a
~/.cabal/config setting (there isn't one already, is there?), False by
default, that has this behavior. Some people have previously expressed
a desire for it on security grounds.
P.S. We intend to have cabal build imply `cabal install
--only-dependencies` when working in a sandbox in the future.
On Tue, Oct 8, 2013 at 9:46 AM, Adam Foltzer <acfoltzer at gmail.com> wrote:
> Hello,
>
> With the wonderful advent of sandboxes in mainline cabal, I'd like to see
> what folks think of a flag to disable remote fetching of dependencies. The
> idea is that one could `cabal sandbox add-source` a set of trusted
> dependencies, and then be assured that a subsequent `cabal install
> --no-remote-fetching` would *only* resolve dependencies in that trusted set.
>
> I'd be willing to explore implementing this myself, if it would be
> appropriate for a first-time cabal hacker. I'm also quite interested to hear
> whether this would be a useful feature for others, or other ways you might
> propose to address the problem.
>
> I also understand that I can get this behavior by modifying the
> ~/.cabal/config, but this is a kludgey approach that is not workable in all
> deployment environments.
>
> Thanks!
> Adam
>
> _______________________________________________
> cabal-devel mailing list
> cabal-devel at haskell.org
> http://www.haskell.org/mailman/listinfo/cabal-devel
>
More information about the cabal-devel
mailing list