cabal-install: Replacing HTTP with HTTPS

Bryan O'Sullivan bos at
Thu Apr 3 15:38:37 UTC 2014

On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito <bob at> wrote:

> If it works, how would it be worse than using no encryption
> whatsoever? Sure, maybe there would be a false sense of security, but it
> seems like a step in the right direction.

Presumably that's the problem. We'd have a possibly zero amount of
end-to-end security, coupled with a possibly zero amount of trust in the
remote endpoint, but we have 20 years of human factors experience
demonstrating that people trust SSL by default even when they shouldn't.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the cabal-devel mailing list