{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreigwedgz2rstpulsysad2yqb6lzwdskmip5gmhyskz45d47gdzb27e",
    "uri": "at://did:plc:pi6woz4d47bkuws673w2il2r/app.bsky.feed.post/3moo3bv7vldm2"
  },
  "path": "/t/rfc-http-types-breakage-additions-rework/14286?page=2#post_28",
  "publishedAt": "2026-06-19T17:42:31.000Z",
  "site": "https://discourse.haskell.org",
  "tags": [
    "@arybczak"
  ],
  "textContent": "hasufell:\n\n> I find it quite odd that we’re trying to hold library maintainers hostage because someone else is too lazy to manage their bounds.\n\nI was thinking this too (in my now deleted comment), but @arybczak’s issue would also happen with packages that have proper bounds. It questions the entire concept of versions.\n\narybczak:\n\n>   4. A vulnerability is discovered in `x`, a fix is made, `x-2.1` released.\n>\n\n\nI think this step should be extended:\n\n  4. A vulnerability is discovered in `x`\n     * check which versions are affected\n     * check which versions are used by a significant amount of people\n     * patch the intersection of those two sets\n\n",
  "title": "[RFC] \"http-types\" breakage / additions / rework"
}