[Haskell-cafe] [Security] Put haskell.org on https

Francesco Mazzoli f at mazzo.li
Sun Oct 28 09:27:08 CET 2012

At Sun, 28 Oct 2012 00:20:16 +0100,
Niklas Hambüchen wrote:
> (I have mentioned this several times on #haskell, but nothing has
> happened so far.)
> Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc
> trac) allow unencrypted http connections only?
> This means that everyone in the same Wifi can potentially
> - read you passwords for all of these services
> - abuse your hackage account and override arbitrary packages
>   (especially since hackage allows everybody to override everything)
> I propose we get an SSL certificate for haskell.org.
> I also offer to donate that SSL certificate (or directly create it using
> my Startcom account).

Agreed, I can chip in - but I think a certificate is pretty cheap nowadays :).


More information about the Haskell-Cafe mailing list