cabal-install: Replacing HTTP with HTTPS

Bryan O'Sullivan bos at serpentine.com
Thu Apr 3 15:38:37 UTC 2014


On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito <bob at redivi.com> wrote:

> If it works, how would it be worse than using no encryption
> whatsoever? Sure, maybe there would be a false sense of security, but it
> seems like a step in the right direction.
>

Presumably that's the problem. We'd have a possibly zero amount of
end-to-end security, coupled with a possibly zero amount of trust in the
remote endpoint, but we have 20 years of human factors experience
demonstrating that people trust SSL by default even when they shouldn't.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/cabal-devel/attachments/20140403/76471be7/attachment.html>


More information about the cabal-devel mailing list