[Haskell-cafe] [Security] Put haskell.org on https
Erik Hesselink
hesselink at gmail.com
Sun Oct 28 13:28:41 CET 2012
While I would love to have hackage available (or even forced) over
https, I think the biggest reason it currently isn't, is that cabal
would then also need https support. This means the HTTP library would
need https support, which I've heard will be hard to implement
cross-platform (read: on Windows).
However, I guess providing https as an option is still a huge step
forwards compared to the current situation.
Erik
On Sun, Oct 28, 2012 at 1:20 AM, Niklas Hambüchen <mail at nh2.me> wrote:
> (I have mentioned this several times on #haskell, but nothing has
> happened so far.)
>
> Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc
> trac) allow unencrypted http connections only?
>
> This means that everyone in the same Wifi can potentially
>
> - read you passwords for all of these services
>
> - abuse your hackage account and override arbitrary packages
> (especially since hackage allows everybody to override everything)
>
>
> I propose we get an SSL certificate for haskell.org.
> I also offer to donate that SSL certificate (or directly create it using
> my Startcom account).
>
> Niklas
>
> _______________________________________________
> Haskell-Cafe mailing list
> Haskell-Cafe at haskell.org
> http://www.haskell.org/mailman/listinfo/haskell-cafe
More information about the Haskell-Cafe
mailing list