[Haskell-cafe] [Security] Put haskell.org on https
Clark Gaebel
cgaebel at uwaterloo.ca
Sun Oct 28 22:25:07 CET 2012
Do it at home.
If you're at an internet cafe, though, it'd be nice if you could trust
cabal packages.
- Clark
On Sun, Oct 28, 2012 at 5:07 PM, Patrick Hurst <phurst at amateurtopologist.com
> wrote:
>
> On Oct 28, 2012, at 4:38 PM, Changaco <changaco at changaco.net> wrote:
>
> > On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote:
> >> In this particular case, cabal can have the public part of the
> >> certificate built-in (as it has the web address built in). So once one
> >> has a verified installation of cabal, it can verify the server
> >> packages without being susceptible to MitM attack (no matter if
> >> they're PGP signed or X.509 signed).
> >
> > This is PGP's security model, so it's probably better to use PGP keys.
>
>
> How do you get a copy of cabal while making sure that somebody hasn't
> MITMed you and replaced the PGP key?
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20121028/7f45b9ff/attachment.htm>
More information about the Haskell-Cafe
mailing list