[Haskell-cafe] Ticking time bomb

Niklas Hambüchen mail at nh2.me
Wed Jan 30 23:48:20 CET 2013

You are right, I skipped over that this was actually a server-side
exploit - sure, end-to-end signing will help here.

On 30/01/13 19:47, Edward Z. Yang wrote:
>> As long as we upload packages via plain HTTP, signing won't help though.

More information about the Haskell-Cafe mailing list