Proposal: Changes to the PVP

Gershom Bazerman gershomb at gmail.com
Wed Apr 9 23:51:12 UTC 2014


On 4/9/14, 5:13 PM, Michael Snoyman wrote:
> And this is where I think the PVP is doing a disservice with its 
> current wording. Users have this expectation, but it doesn't actually 
> hold up in reality. Reasons why it may fail include:
>
> * Typeclass instance leaking from transitive dependencies.
> * Module reexports leaking from transitive dependencies.
> * Someone made a mistake in an upload to Hackage (yes, that really 
> does happen, and it's not that uncommon).
> * The package you depend on doesn't itself follow the PVP, or so on 
> down the stack.
>
> So my point is: even though the *goal* of the PVP is to provide this 
> guarantee, it *doesn't* provide this guarantee. Since we have a clear 
> alternative that does provide this guarantee (version freezing), I 
> think we should make it clear that the PVP does not solve all 
> problems, and version freezing should be used.
>

Along the same lines I am concerned about the expectation of security 
provided by SSL. As the recent Heartbleed bug shows, we have an 
expectation that we have security, but this may fail in practice. As 
such, even though the *goal* of SSL is to provide this guarantee, it 
*doesn't* provide this guarantee, and furthermore it is a pain to comply 
with, certificates are expensive, etc. Since we have a clear alternative 
that does provide this guarantee (one-time-pads coupled with dead drops 
and a system of code phrases), I think we should make it clear that 
public key encryption does not solve all problems, and other techniques 
should be used.

Cheers,
Gershom


More information about the Libraries mailing list