[Haskell-cafe] [Security] Put haskell.org on https
Ramana Kumar
Ramana.Kumar at cl.cam.ac.uk
Sun Oct 28 11:06:09 CET 2012
I support this proposal too.
More reasons to use HTTPS can be found at
https://www.eff.org/https-everywhere/deploying-https
On Sun, Oct 28, 2012 at 8:51 AM, Petr P <petr.mvd at gmail.com> wrote:
> 2012/10/28 Francesco Mazzoli <f at mazzo.li>:
> > At Sun, 28 Oct 2012 00:20:16 +0100,
> > Niklas Hambüchen wrote:
> >> (I have mentioned this several times on #haskell, but nothing has
> >> happened so far.)
> >>
> >> Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc
> >> trac) allow unencrypted http connections only?
> >>
> >> This means that everyone in the same Wifi can potentially
> >>
> >> - read you passwords for all of these services
> >>
> >> - abuse your hackage account and override arbitrary packages
> >> (especially since hackage allows everybody to override everything)
> >>
> >>
> >> I propose we get an SSL certificate for haskell.org.
> >> I also offer to donate that SSL certificate (or directly create it using
> >> my Startcom account).
> >
> > Agreed, I can chip in - but I think a certificate is pretty cheap
> nowadays :).
>
> Good idea, I completely support it. Major sites like Google, Github,
> BitBucket, etc. are https only nowadays.
>
> Petr Pudlak
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20121028/6cc2081d/attachment.htm>
More information about the Haskell-Cafe
mailing list