Comments (12)
Serokell hackage search for
import safe System.Directory
only findsMissingH
.
Actually, I overlooked lio-fs
which is a (likely academic) security library so they crucially rely on SafeHaskell. I revised their packages to directory < 1.3.8
:
In my case (
MissingH
) thesafe
imports were added (Feb 2022) by the HLS tactic that creates explicit import lists (a terribly useful tool otherwise, maybe this is a flaw).
I might have been unjust in my assessment here because I misremembered. HLS only adds safe
to import
when the importing module is declared Safe
(see my relevant commit to MissingH
). So, my apologies to the HLS developers, their logic is correct.
from directory.
This would mean filepath itself also needs a major version bump. This is what I initially planned to do, but GHC team said that will create more work for them.
My understanding is that System.OsPath
is a new module, so that a minor bump is still fine for filepath
.
The issue here seems to be that System.Directory
(an existing module) changes its safety status, I agree with @Bodigrim that removing the use of SafeHaskell
is the best thing to do..
Thanks everyone for the discussion about this.
from directory.
Are there any outstanding issues that remain here?
If not I will close this. Thank you all for the discussions.
from directory.
@bgamari @hasufell System.OsPath
is not Safe and so directory
transitively also became non-Safe. @andreasabel considers this a PVP violation, which leaves us with two options:
-
Restore the Safe status in
System.OsPath
, send out a minor release of filepath, and then mark filepath-1.4.100.0 as deprecated; or -
Retain the non-Safe status quo, send out a major release of directory-1.4.0.0, and then mark directory-1.3.8.0 as deprecated.
Any thoughts on which approach to take?
from directory.
I feel the specification is not very clear on that matter
I personally think that "compiles without code change" is not really what non-breaking or "other" changes from PVP spec demand.
Then again, if you consider "Safe" as part of the API, then you could argue different. The spec only implicitly defines "API".
from directory.
I agree that the PVP does not mention anything on safe vs. non-safe. While nothing violates the letter of the PVP, certainly going from safe to unsafe violates the spirit of the PVP.
The spirit (and dominant practice) is that it is sufficient to set a major version upper bound for your dependencies (with some exceptions, e.g. when you define orphan instances). So, if you make changes to your package that can break downstream packages, you need to bump the major version.
from directory.
This would mean filepath itself also needs a major version bump. This is what I initially planned to do, but GHC team said that will create more work for them.
from directory.
There is a never ending trail of destruction caused by Safe Haskell. Friends do not let friends use {-# Safe #-}
. Iβm very serious, please just donβt.
from directory.
Friends do not let friends use
{-# Safe #-}
.
This message should go to the haskell-language-server folks, summoning @jneira.
In my case (MissingH
) the safe
imports were added (Feb 2022) by the HLS tactic that creates explicit import lists (a terribly useful tool otherwise, maybe this is a flaw).
The GHC crowd seems rather undecided what to do with SafeHaskell
, e.g. see this unresolved issue from 2014: https://gitlab.haskell.org/ghc/ghc/-/issues/8745
Reported upstream to PVP:
from directory.
I suggest both directory
and MissingH
to remove Safe
pragmas. This is a misfeature which makes everything too fragile.
Bumping major versions of filepath
and directory
is an extremely costly change for the ecosystem. According to the letter of PVP they are not in breach, and my opinion is that it's Safe Haskell as a feature who is at fault with PVP here. There are only handful users of Safe Haskell, and it seems less costly to revise them by adding directory < 1.3.8.0
bound.
from directory.
Serokell hackage search for import safe System.Directory
only finds MissingH
. Fringe use indeed, and I only started the import safe
thing because HLS suggested it (didn't even know about this syntax).
...
MIssingH
to removeSafe
pragmas.
Will do, seems the most pragmatic course of action.
from directory.
For package MissingH
, I am dropping LANGUAGE Safe
for all modules importing System.Directory
in this PR:
from directory.
Related Issues (20)
- Release for GHC 9.4.1 HOT 3
- Documentation for `doesFileExist` lies HOT 4
- File metadata API with symlink-awareness
- Unhelpful error with `copyFile` into non-existent directory HOT 2
- Updating the CI and the cabal file HOT 2
- makeAbsolute ~ gives wrong path HOT 2
- Release for GHC 9.6.1 HOT 3
- TMPDIR environment variable not honoured on windows HOT 2
- Feature request: createLink HOT 1
- FR: a variant of getModificationTime that works on symlinks HOT 1
- Cabal file doesn't list install-includes HOT 3
- [Feature request] A way to copy a directory with metadata (and/or recursively) HOT 5
- directory bundled with GHC-9.6 is not safe (inferred) anymore. HOT 5
- Support filepath >= 1.5.0.0 and os-string
- Support Win32 2.14 HOT 5
- canonicalizePath regressed on Windows between directory-1.3.7.1 and directory-1.3.8.0 HOT 2
- Please revise `time` dependency to `< 1.15` HOT 1
- Support filepath 1.4.300.1 HOT 4
- Builds with allow-newer unnecessarily fail HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from directory.