| | 73 | |
| | 74 | ----------------------- |
| | 75 | '''SLPJ/SDM note'''. This is an attempt to define what it means for a module, or a package, to be "trusted", and what consequences that trust has. If successful it would replace the material that follows |
| | 76 | |
| | 77 | * A '''client''' is someone running GHC, typically the person compiling the application. |
| | 78 | |
| | 79 | * A '''package P is trusted by a client C''' iff one of these conditions hold |
| | 80 | * C's package database records that P is trusted |
| | 81 | * C's command-line flags say to trust it regardless (see `-trust`, `-distrust` below)[[BR]] |
| | 82 | It is up to C to decide what packages to trust; it is not a property of P. |
| | 83 | |
| | 84 | * A '''module M from package P is trusted by a client C''' iff |
| | 85 | * Package P is trusted by C |
| | 86 | * One of the following holds: |
| | 87 | * The module was compiled with `-XSafe` and all of M's direct `imports` are trusted by C |
| | 88 | * The module was compiled with `-XTrustworthy` and all of M's direct `safe imports` are trusted by C |
| | 89 | |
| | 90 | * When a client C compiles a module M with |
| | 91 | * `-XSafe`: all M's `imports` must be trusted by C |
| | 92 | * `-XTrustworthy`: all M's `safe imports` must be trusted by C[[BR]] |
| | 93 | Otherwise the module is rejected. |
| | 94 | |
| | 95 | '''End of SLPJ/SDM note''' |
| | 96 | ------------------------ |
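Review bot: the module-trust definition at new lines 84-88 only covers "a module M from package P", so the compile-time rule at lines 90-93 is undefined for imports of modules that belong to the program being compiled and so have no entry in C's package database. State explicitly how such modules are handled, for example by treating the program under compilation as a package that C trusts or by judging them on their `-XSafe`/`-XTrustworthy` status alone. As written, the "Package P is trusted by C" condition at line 85 also applies to `-XSafe` modules, not only `-XTrustworthy` ones. If a compiler-checked `-XSafe` module is meant to be trusted independently of its package, that condition belongs under the `-XTrustworthy` case at line 88. Minor: line 79 should read "iff one of these conditions holds", and line 75 is missing its final period.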