[Haskell-cafe] [Security] Put haskell.org on https
mail at nh2.me
Sun Oct 28 01:20:16 CEST 2012
(I have mentioned this several times on #haskell, but nothing has
happened so far.)
Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc
trac) allow unencrypted http connections only?
This means that everyone in the same Wifi can potentially
- read you passwords for all of these services
- abuse your hackage account and override arbitrary packages
(especially since hackage allows everybody to override everything)
I propose we get an SSL certificate for haskell.org.
I also offer to donate that SSL certificate (or directly create it using
my Startcom account).
More information about the Haskell-Cafe