cabal-install: Replacing HTTP with HTTPS

Mikhail Glushenkov the.dead.shall.rise at
Fri Apr 4 22:41:27 UTC 2014

On 3 April 2014 17:38, Bryan O'Sullivan <bos at> wrote:
> Presumably that's the problem. We'd have a possibly zero amount of
> end-to-end security, coupled with a possibly zero amount of trust in the
> remote endpoint, but we have 20 years of human factors experience
> demonstrating that people trust SSL by default even when they shouldn't.

There was a suggestion to make Hackage digitally sign packages and
ship the public key inside the cabal-install tarball. This could be
used in addition to HTTPS downloads.

More information about the cabal-devel mailing list