[Haskell-cafe] [Security] Put haskell.org on https
Henk-Jan van Tuyl
hjgtuyl at chello.nl
Sun Oct 28 19:45:39 CET 2012
On Sun, 28 Oct 2012 13:38:46 +0100, Petr P <petr.mvd at gmail.com> wrote:
> Erik,
>
> does cabal need to do any authenticated stuff? For downloading
> packages I think HTTP is perfectly fine. So we could have HTTP for
> cabal download only and HTTPS for everything else.
>
> Best regards,
> Petr Pudlak
>
Without checking a certificate, it could be that you are connected to a
false server; without encryption, the package could be replaced by another
package (a man-in-the-middle attack).
Regards,
Henk-Jan van Tuyl
--
http://Van.Tuyl.eu/
http://members.chello.nl/hjgtuyl/tourdemonad.html
Haskell programming
--
More information about the Haskell-Cafe
mailing list