-
1(a): Haskell isn’t alone - other (and well-known) GC-based languages have similar difficulties e.g:
Present but unreachable: reducing persistent latent secrets in HotSpot JVM (2017)
-
1(b):
I like laziness. I spent decades programming in procedural languages, where I had to continually think about order of evaluation. It sucks.
…and all these people liked laziness:
(source)
Laziness just presents an extra challenge, and apparently most Haskellers like those e.g. https://serokell.io/blog/ghc-dependent-types-in-haskell .
-
2: And we now have the Haskell Foundation - maybe they can help out with that one…
-
3: …in much the same way they’re helping out with this one.
Haskell isn’t alone in being an older language in need of securing, but things could have been so much worse:
C++ was not designed from the ground up to offer memory safety.
…and which rustup also uses:
curl --proto '=https' --tlsv1.2 -sSf [rustup-script URL] | sh
But as we also know, those “normal users” normally use ('doze) OSs sold by another “well-known” company. Fortunately, those users are also catered for:
Other Installation Methods - Rust Forge
…no mention of curl, wget or shells there - just “download and run” the appropriate installer: