[Haskell-cafe] [Security] Put haskell.org on https
changaco at changaco.net
Sun Oct 28 16:26:07 CET 2012
On Sun, 28 Oct 2012 14:45:02 +0100 Iustin Pop wrote:
> Kindly disagree here. Ensuring that packages are downloaded
> safely/correctly without MITM attacks is also important. Even if as an
HTTPS doesn't fully protect against a MITM since there is no shared
secret between client and server prior to the connection.
The MITM can use a self-signed certificate, or possibly a certificate
signed by a compromised CA.
More information about the Haskell-Cafe