[Haskell-cafe] Status of ghcup?
Viktor Dukhovni
ietf-dane at dukhovni.org
Thu Feb 23 17:48:29 UTC 2023
On Thu, Feb 23, 2023 at 11:40:21AM +0100, Hécate wrote:
> And I of course forgot the most relevant part for you:
> https://www.haskell.org/ghcup/guide/#certificate-authority-errors-curl
Why not publish the relevant issuer certificate chain, it could even be
curated and regularly updated as ghcup "updates". The curl executable
has a "--cacert" option allowing the specification of an alternative
trust anchor (root CA if you prefer) and any missing intermediate
certificates.
It also supports a "CURL_CA_BUNDLE" environment variable, if that's
simpler.
An explicit (securely obtained) trust anchor is safer than ignoring
download source authentication.
--
Viktor.
More information about the Haskell-Cafe
mailing list