[Haskell-cafe] [Security] Put haskell.org on https
José Pedro Magalhães
jpm at cs.uu.nl
Sun Oct 28 07:37:16 CET 2012
+1
Pedro
On Sun, Oct 28, 2012 at 12:20 AM, Niklas Hambüchen <mail at nh2.me> wrote:
> (I have mentioned this several times on #haskell, but nothing has
> happened so far.)
>
> Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc
> trac) allow unencrypted http connections only?
>
> This means that everyone in the same Wifi can potentially
>
> - read you passwords for all of these services
>
> - abuse your hackage account and override arbitrary packages
> (especially since hackage allows everybody to override everything)
>
>
> I propose we get an SSL certificate for haskell.org.
> I also offer to donate that SSL certificate (or directly create it using
> my Startcom account).
>
> Niklas
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20121028/b9e5760d/attachment.htm>
More information about the Haskell-Cafe
mailing list