[Haskell-cafe] [Security] Put haskell.org on https
petr.mvd at gmail.com
Sun Oct 28 09:51:24 CET 2012
2012/10/28 Francesco Mazzoli <f at mazzo.li>:
> At Sun, 28 Oct 2012 00:20:16 +0100,
> Niklas Hambüchen wrote:
>> (I have mentioned this several times on #haskell, but nothing has
>> happened so far.)
>> Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc
>> trac) allow unencrypted http connections only?
>> This means that everyone in the same Wifi can potentially
>> - read you passwords for all of these services
>> - abuse your hackage account and override arbitrary packages
>> (especially since hackage allows everybody to override everything)
>> I propose we get an SSL certificate for haskell.org.
>> I also offer to donate that SSL certificate (or directly create it using
>> my Startcom account).
> Agreed, I can chip in - but I think a certificate is pretty cheap nowadays :).
Good idea, I completely support it. Major sites like Google, Github,
BitBucket, etc. are https only nowadays.
More information about the Haskell-Cafe