[Haskell-cafe] [Security] Put haskell.org on https

Henk-Jan van Tuyl hjgtuyl at chello.nl
Sun Oct 28 19:45:39 CET 2012

On Sun, 28 Oct 2012 13:38:46 +0100, Petr P <petr.mvd at gmail.com> wrote:

>   Erik,
> does cabal need to do any authenticated stuff? For downloading
> packages I think HTTP is perfectly fine. So we could have HTTP for
> cabal download only and HTTPS for everything else.
>   Best regards,
>   Petr Pudlak

Without checking a certificate, it could be that you are connected to a  
false server; without encryption, the package could be replaced by another  
package (a man-in-the-middle attack).

Henk-Jan van Tuyl

Haskell programming

More information about the Haskell-Cafe mailing list