[darcs-devel] ssh release needed (Re: status of darcsden repo)
simon at joyful.com
Wed Jul 1 22:40:34 UTC 2020
On 6/30/20 1:17 PM, Simon Michael wrote:>> On Jun 30, 2020, at 11:46,
Simon Michael <simon at joyful.com> wrote:
>> On Tue, Jun 30, 2020, at 11:28 AM, Ganesh Sittampalam wrote:
>>> Deprecation+bundling seems reasonable to me if you'd rather it not
>> Thanks Ganesh. It's not that, but if it's only a component of
darcsden then it seems to make sense, reducing busywork. One package
instead of two.
> Actually I take that back, the simplest thing is just to upload a new
ssh release, isn’t it.
Continuing this darcsden-related thread here, I hope it's not too off
With Ganesh's blessing, I have done a bit more cleanup towards a ssh 0.4
release (changelog, updating metadata, listing myself and Ganesh as
comaintainers). You can review the latest at https://hub.darcs.net/simon/ssh
I had updated the cabal file to point to this as the official repo, but
I see a new problem: the issue tracker is in Ganesh's, and can't easily
be moved: https://hub.darcs.net/ganesh/ssh/issues/all
So maybe it's better to keep Ganesh's repo as the official one. Ie when
the time comes, Ganesh can replace his last N patches (forking a backup
first if needed) with the latest from my repo.
Here's what I see remaining to do before 0.4 release:
1. fix the failing tests. A release blocker.
2. fix compilation warnings if at all possible.
3. fix the three strangely unindented do blocks in SSH.hs that compile
only under Haskell98 (change that to Haskell2010 in the cabal file to
see them, eg line 154). Alex Suraci might get back to me on this, or we
can review this code and decide if the blocks should or should not be
indented/conditionalised, or we can ignore them and keep compiling as
Haskell98. Not a release blocker.
4. tests hang when I run them on a particular machine (a VPS). Not too
- Ben, ssh now depends on random 1.2+. Possibly that helps with the
cryptographic weakness you mentioned ?
- maybe porting to hssh is the right move. I'm not sure; hssh was
released two years later, but doesn't seem too active either, and would
be less under our control (that can be good or bad). If I understand
things, ssh relies on the C libssh2 library (despite the "pure haskell"
description), while hssh + cryptonite is 100% haskell, which arguably
could makes it more cryptographically suspect.
More information about the darcs-devel