cabal-install: Replacing HTTP with HTTPS

Mikhail Glushenkov the.dead.shall.rise at gmail.com
Fri Apr 4 22:41:27 UTC 2014


On 3 April 2014 17:38, Bryan O'Sullivan <bos at serpentine.com> wrote:
>
> Presumably that's the problem. We'd have a possibly zero amount of
> end-to-end security, coupled with a possibly zero amount of trust in the
> remote endpoint, but we have 20 years of human factors experience
> demonstrating that people trust SSL by default even when they shouldn't.

There was a suggestion to make Hackage digitally sign packages and
ship the public key inside the cabal-install tarball. This could be
used in addition to HTTPS downloads.


More information about the cabal-devel mailing list