[Haskell-cafe] [Security] Put haskell.org on https

Iustin Pop iusty at k1024.org
Sun Oct 28 14:45:02 CET 2012


On Sun, Oct 28, 2012 at 01:38:46PM +0100, Petr P wrote:
>   Erik,
> 
> does cabal need to do any authenticated stuff? For downloading
> packages I think HTTP is perfectly fine. So we could have HTTP for
> cabal download only and HTTPS for everything else.

Kindly disagree here. Ensuring that packages are downloaded
safely/correctly without MITM attacks is also important. Even if as an
option.

regards,
iustin



More information about the Haskell-Cafe mailing list