You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I really don't know the packages enough to say. That's about the hackage-security Hackage package proper? I suppose the original authors would know, so let's ask them.
Does Aeson provide support for Canonical JSON? That's necessary for reliably hashing JSON values, which is crucial. I don't know the details of the history here, but it looks like the relevant bits were subsequently extracted as a separate package (https://github.com/well-typed/canonical-json) so perhaps hackage-security could be refactored to use that, if anyone cares enough.
aeson is very slow to compile and provides many features not needed here, so I'd advice against.
canonical-json is atm outdated and needs to be lifted to the latest Haskell ecosystem (bytestring-0.11). Whether it has any users, is hard to tell, at least it is not tracked in https://packdeps.haskellers.com/reverse/canonical-json.
Never change a running system. As long as there isn't any expected gain from change, I'd leave things as-is for now.
Shouldn't we just delete that and use Aeson?
The text was updated successfully, but these errors were encountered: