haskell-infra / hackage-trustees

Issue tracker for Hackage maintenance and trustee operations

Home Page: https://hackage.haskell.org/packages/trustees/

Label vincenthz packages as deprecated on Hackage

Kleidukos opened this issue

  • How and when was the maintainer for the package requiring action contacted?
    The maintainer has decided to cease all activities in the Haskell ecosystem, and for some select packages, forks have been set in place. The TLS libraries have been handed over to a new maintainer, but most things have been abandoned with no intent to hand over maintainership.

  • If available, a link to the filed issue in the upstream issue tracker
    These repositories have been archived, and as such it is not possible to interact on the issue tracker

  • How critical is this?
    For cryptography packages it is primordial to drive people away from clearly deprecated packages.
    Some other names like git, connection, packer or pem could be reused for actually maintained libraries.

(non-exhaustive) List of packages
  • foundation
  • basement
  • memory
  • cryptonite in favour of crypton
  • cryptohash-cryptoapi
  • gauge
  • git
  • language-java
  • connection
  • hit
  • hourglass
  • professor
  • asn1
  • socks
  • libgit
  • cabal-db
  • securemem
  • packer
  • siphash
  • unix-memory
  • pem
  • crypto-pubkey-types
  • fileformat
  • cstruct
  • byteable

e.g. tls depends on asn1-types which depends on hourglass. tls also depends on memory directly. crypton depends on memory and basement.

I feel it's better to do nothing for most of these packages.

The deprecation of cryptonite in favour of crypton makes sense. In particular there is the superseding package. But for something like the asn1-* family of packages there simply aren't alternatives, AFAIK.


TL;DR, they are not deprecated, they are abandoned. That is not the same.

Understandable

basement and foundation have been recently refreshed on Hackage (June 2023) and have @snoyberg listed as (Hackage) maintainer, so they should be good for a while.

I suggest we mark:

  • cryptonite deprecated in favor of crypton, cryptohash-md5, cryptohash-sha1, cryptohash-sha256, cryptohash-sha512 (plenty of cryptonite clients use it just for hashes),
  • gauge deprecated in favor of tasty-bench and criterion.

I'm not aware of any easy replacement for memory, and the rest of Vincent's legacy is not that widely used.

Would it be possible for trustees to swap out dependencies on connection for crypton-connection? Or is that not permitted?

In particular, I am thinking of:

> Would it be possible for trustees to swap out dependencies

No, revisions cannot change the dependencies; only their version ranges.

For reference, gauge is broken on aarch64 with

cbits/cycles.c:55:2: error:
     error: Unsupported OS/architecture/compiler!
   |
55 | #error Unsupported OS/architecture/compiler!
   |  ^
#error Unsupported OS/architecture/compiler!

and on any arch with GHC 9.10 because of vendored-in math-functions:

math-functions/Numeric/Sum.hs:138:19: error: [GHC-87543]
    Ambiguous occurrence ‘foldl'’.
    It could refer to
       either ‘Prelude.foldl'’,
              imported from ‘Prelude’ at math-functions/Numeric/Sum.hs:25:8-18
              (and originally defined in ‘ghc-internal-9.1001.0:GHC.Internal.Data.Foldable’),
           or ‘Data.Vector.Generic.foldl'’,
              imported from ‘Data.Vector.Generic’ at math-functions/Numeric/Sum.hs:35:41-46.
    |
138 | sumVector f = f . foldl' add zero
    |

And cryptonite has several unmitigated issues such as kazu-yamamoto/crypton#22 and haskell-crypto/cryptonite#374 (aka kazu-yamamoto/crypton#1).
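The thread notes that abandoned packages mostly arrive transitively (tls via asn1-types to hourglass, crypton to memory and basement). The following is an added example, not part of the original thread or of any Hackage tooling: it walks a cabal build plan and reports the shortest dependency chain to each listed package. It assumes the `install-plan`, `id`, `pkg-name`, `style`, `depends` and `components` fields of `dist-newstyle/cache/plan.json`; the sample plan and its unit ids are constructed.

```python
import json
import sys
from collections import deque

# Subset of the package names listed in the issue above.
ABANDONED = {"cryptonite", "memory", "basement", "foundation", "hourglass",
             "connection", "socks", "pem", "securemem", "byteable", "gauge"}

# Constructed sample shaped like cabal's dist-newstyle/cache/plan.json;
# unit ids are made up, library edges follow the chains quoted in the thread.
SAMPLE_PLAN = {"install-plan": [
    {"id": "myapp-0.1-inplace", "pkg-name": "myapp", "style": "local",
     "components": {"exe:myapp": {"depends": ["tls-x", "crypton-x"]}}},
    {"id": "tls-x", "pkg-name": "tls", "depends": ["asn1-types-x", "memory-x"]},
    {"id": "asn1-types-x", "pkg-name": "asn1-types", "depends": ["hourglass-x"]},
    {"id": "crypton-x", "pkg-name": "crypton", "depends": ["memory-x", "basement-x"]},
    {"id": "memory-x", "pkg-name": "memory", "depends": []},
    {"id": "basement-x", "pkg-name": "basement", "depends": []},
    {"id": "hourglass-x", "pkg-name": "hourglass", "depends": []},
]}

def unit_deps(unit):
    """Dependency unit ids from both the per-unit and per-component layouts."""
    deps = list(unit.get("depends", []))
    for comp in unit.get("components", {}).values():
        deps += comp.get("depends", [])
    return deps

def abandoned_paths(plan, abandoned=ABANDONED):
    """BFS from local units; map each abandoned package to its shortest chain."""
    units = {u["id"]: u for u in plan["install-plan"]}
    roots = [uid for uid, u in units.items() if u.get("style") == "local"]
    found, seen = {}, set(roots)
    queue = deque((r, [units[r]["pkg-name"]]) for r in roots)
    while queue:
        uid, path = queue.popleft()
        name = units[uid]["pkg-name"]
        if name in abandoned and name not in found:
            found[name] = path
        for dep in unit_deps(units[uid]):
            if dep in units and dep not in seen:  # skip ids absent from the plan
                seen.add(dep)
                queue.append((dep, path + [units[dep]["pkg-name"]]))
    return found

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for name, path in sorted(abandoned_paths(plan).items()):
        print(f"{name}: {' -> '.join(path)}")
```

Run it with the path to a project's `plan.json` after `cabal build --dry-run` to see which of the listed packages a build pulls in and through which dependency.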