You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NOTE: This is included via an extra-dep, which would constitute the
first time Stack would include a patched version of an upstream library.
This is due to the fact that
haskell/hackage-security#203 is likely not going
to be merged, despite fixing issues affecting Stack. This leaves us with
(AFAICT) 4 choices at the Stack level:
1. Continue using the officially released upstream version of
hackage-security, bugs and all
2. Fork hackage-security on Hackage, and depend on the fork
3. Inline the code from hackage-security into Stack itself, and drop the
explicit dependency on hackage-security
4. Include hackage-security via an `extra-dep` pointing at a Git commit.
Our official builds will use the patched version of hackage-security,
and anyone building from Hackage will end up with the unpatched version
This PR represents approach (4). If and when the PR is merged and
released to Hackage, this becomes a non-issue. But generally speaking,
we should have a policy in Stack for handling these kinds of upstream
issues cases.
0 commit comments