Haskell Ecosystem Workshop & ZuriHac 2024

Ten days ago I have attended to Haskell Ecosystem Workshop followed by ZuriHac.

It was my first participation to both events (last year, due to conflicting events, I was only able to attend to GHC Contributors' Workshop).

Haskell Ecosystem Workshop

I have attended as part as the Haskell Response Team.

We have collected a lot of feedback (videos will be available at some point), but if I have to make two highlights:

  • The Haskell ecosystem has already all the tools it takes to work with Haskell, however, tools are usually not polished enough (see the 80/20 rule) and/or usable easily together
  • Specifically to the SRT: there is a huge need for a (better) integration of the security-advisories in the ecosystem (i.e. cabal, hackage-server, flora) and a way to generate SBOM

This is one of the reasons we are discussing the split of the SRT team, which may or may not lead to the creation of another working group or sub-group dedicated to security tooling (I wish I'll be part of it, as it fits my interests and skills more than the current team, which was dedicated to vulnerabilities analysis and mitigations efforts coordination).

Speaking with other attendees made me realize that most of the core contributors are volunteers, especially those maintaining critical parts of the infrastructure. Moreover, many of them do not work with Haskell in their daily job.

On one hand I have serious doubts on the sustainability of the effort, on another hand, I'm grateful to my employers for having be able to work with it or the last four years and that it is a great opportunity to take the best from other ecosystems while avoid many pitfalls.

ZuriHac

I was my first attendance to ZuriHac.

I was planning to work with various groups (cabal, cabal-audit, hackage-server, flora) to integrate security-advisories (I think we have talked maybe one hour about it over 5 days), but we had to handle three vulnerabilities.

Hopefully, I was able to find some extra time to redesign the index, which will be useful as we now have a page on haskell.org.

I also had in mind a GHC improvement and a HLS bug fix from last year.

Conclusion

While I did not meet my initial goals, I'm pretty satisfied with my participation.

Of course, I wish to have talked to more people, and make more code contributions, but in the end, I think I have a better understanding of the ecosystem state and direction.