This is a request for end user input. Please use the Github reaction 👍 and 👎 emojis to share your thoughts.

Stack uses the hackage-security mechanism to download the package index (set of available packages on Hackage). hackage-security uses expiry times as part of its security. I'm personally not sold on this in Stack's usage, but we've stuck with the default until now.

Twice now, files from Hackage have fallen out-of-date, which has left Stack users unable to initialize new installations. We have no control over fixing that, and instead need to wait for the Hackage team to update the expired files.

Given that (1) this seems to be a recurring problem without any evidence of automation to solve it that I can see, and (2) I'm unconvinced that there is actually a security benefit to this feature, I propose that, by default, we disable the expiry checks in Stack. I propose we include this in the next point release of Stack, scheduled for the near future.

Related issues:

• Verification error: <repo>/mirrors.json is expired #3731
• mirrors.json expired: stack build has suddenly stopped working in all my projects #4927
• mirrors.json file is expired haskell/hackage-server#834

If you're on this issue and you need a workaround, please see my comment with a workaround.