[Haskell-cafe] [Security] Put haskell.org on https

Michael Walker mike at barrucadu.co.uk
Sun Oct 28 22:43:49 CET 2012

> How do you get a copy of cabal while making sure that somebody hasn't
> MITMed you and replaced the PGP key?

You don't. Somewhere, you just have to trust that nothing went awry.
The best thing to do is just to make it as difficult as possible for an
attacker to be successful - make the PGP keys widely known and have a
lot of people sign them.

Michael Walker (http://www.barrucadu.co.uk)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: not available
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20121028/3c0b8c28/attachment.pgp>

More information about the Haskell-Cafe mailing list