[Haskell-cafe] [Security] Put haskell.org on https

Changaco changaco at changaco.net
Sun Oct 28 16:26:07 CET 2012

On Sun, 28 Oct 2012 14:45:02 +0100 Iustin Pop wrote:
> Kindly disagree here. Ensuring that packages are downloaded
> safely/correctly without MITM attacks is also important. Even if as an
> option.

HTTPS doesn't fully protect against a MITM since there is no shared
secret between client and server prior to the connection.

The MITM can use a self-signed certificate, or possibly a certificate
signed by a compromised CA.

More information about the Haskell-Cafe mailing list