[cordite]

Just a thought, why not have fingerprints be like a Merkle tree?

A (naive) example: a built package has the hash derived from the package identity and all dependency hashes at compile / link time.

[jfischoff]

This is the plan I think, or something like it.

Currently package are referred to by unique hash that sort of works this way, but there are few unfortunate restrictions in GHC and cabal that need to be lifted to allow future installations to not conflict with past installations (multiple instances of the same version, right now there can only be one foo-0.1.0.0 even though it also has a unique hash).

[zimbatm]

Note that it's not optimal either, a small variation in a root dependency can trigger the recompilation of the whole tree, even if the change is backward-compatible.