cabal-install: Replacing HTTP with HTTPS
Johan Tibell
johan.tibell at gmail.com
Thu Apr 3 08:55:43 UTC 2014
On Thu, Apr 3, 2014 at 12:02 AM, Nikita Karetnikov <nikita at karetnikov.org>wrote:
> > The big question we have to answer first is, how do we want to support
> SSL?
> > Do we want to use an existing, well-tested, well scrutinized SSL
> > implementation and FFI bind to it? If so, which one and why? If not, are
> we
> > comfortable enough with writing a correct SSL implementation? That's very
> > hard.
>
> Why write your own? We could try to come up with a list of
> requirements, so every HTTPS library on Hackage could be evaluated. Is
> anyone knowledgeable of cabal-install interested in composing such a
> list?
>
"Write our own" as in "use a pure Haskell implementation of SSL from
Hackage". This has been suggested when this question came up in the past
and I'm skeptical to that from a security perspective.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/cabal-devel/attachments/20140403/7425e786/attachment.html>
More information about the cabal-devel
mailing list