haskell / hackage-security

Hackage security framework based on TUF (The Update Framework)
http://hackage.haskell.org/package/hackage-security

Why is there bespoke JSON infra? #276

Open Ericson2314 opened 2 years ago

Ericson2314 commented 2 years ago

Shouldn't we just delete that and use Aeson?

Mikolaj commented 2 years ago

I really don't know the packages enough to say. That's about the hackage-security Hackage package proper? I suppose the original authors would know, so let's ask them.

adamgundry commented 2 years ago

Does Aeson provide support for Canonical JSON? That's necessary for reliably hashing JSON values, which is crucial. I don't know the details of the history here, but it looks like the relevant bits were subsequently extracted as a separate package (https://github.com/well-typed/canonical-json) so perhaps hackage-security could be refactored to use that, if anyone cares enough.
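The reason Canonical JSON matters for hashing, as an added illustration that is not part of this thread or of hackage-security's own code: two JSON documents with the same content but different key order or whitespace must hash to the same digest, otherwise a signature over the metadata would not verify after a round trip through another serialiser. The encoder below is a simplified Python sketch of the Canonical JSON rules (keys sorted by their UTF-8 bytes, no whitespace, integers only, strings escaped only for `"` and `\`); Python is used because the point is language-independent and the sample documents are constructed for the demonstration.

```python
import hashlib
import json


def canonical_json(value) -> bytes:
    """Serialise a parsed JSON value in Canonical JSON form.

    Rules (simplified from the Canonical JSON spec used by TUF):
    object members sorted by the UTF-8 bytes of their keys, no whitespace,
    integers only (floats are rejected), strings escaped only for '"' and '\\'.
    Added example; not the hackage-security encoder.
    """
    if value is None:
        return b"null"
    if value is True:          # bool must be checked before int: True is an int in Python
        return b"true"
    if value is False:
        return b"false"
    if isinstance(value, int):
        return str(value).encode("utf-8")
    if isinstance(value, float):
        raise TypeError("Canonical JSON has no floating-point numbers")
    if isinstance(value, str):
        escaped = value.replace("\\", "\\\\").replace('"', '\\"')
        return b'"' + escaped.encode("utf-8") + b'"'
    if isinstance(value, list):
        return b"[" + b",".join(canonical_json(v) for v in value) + b"]"
    if isinstance(value, dict):
        items = sorted(value.items(), key=lambda kv: kv[0].encode("utf-8"))
        body = b",".join(canonical_json(k) + b":" + canonical_json(v) for k, v in items)
        return b"{" + body + b"}"
    raise TypeError(f"unsupported JSON type: {type(value).__name__}")


def canonical_sha256(text: str) -> str:
    """Hash of the canonical encoding: stable across re-serialisation."""
    return hashlib.sha256(canonical_json(json.loads(text))).hexdigest()


def naive_sha256(text: str) -> str:
    """Hash of a plain json.dumps round trip: depends on key order as parsed."""
    return hashlib.sha256(json.dumps(json.loads(text)).encode("utf-8")).hexdigest()


# Constructed sample: the same metadata written with different key order and spacing.
DOC_A = '{"signed": {"version": 3, "expires": "2030-01-01T00:00:00Z"}, "signatures": []}'
DOC_B = '{ "signatures":[] ,"signed":{"expires":"2030-01-01T00:00:00Z","version":3} }'

if __name__ == "__main__":
    print("canonical:", canonical_sha256(DOC_A) == canonical_sha256(DOC_B))  # True
    print("naive:    ", naive_sha256(DOC_A) == naive_sha256(DOC_B))          # False
```

Run it and the canonical digests agree while the naive ones differ, which is exactly the property a hash embedded in signed TUF metadata relies on; a general-purpose JSON library only gives that guarantee if it exposes a canonical encoder.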

andreasabel commented 2 years ago

References:

aeson is very slow to compile and provides many features not needed here, so I'd advise against.

canonical-json is atm outdated and needs to be lifted to the latest Haskell ecosystem (bytestring-0.11). Whether it has any users is hard to tell; at least it is not tracked in https://packdeps.haskellers.com/reverse/canonical-json.

Never change a running system. As long as there isn't any expected gain from change, I'd leave things as-is for now.