On Thu, Apr 3, 2014 at 8:38 AM, Bryan O'Sullivan <[email protected]> wrote:
> > On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito <[email protected]> wrote: > >> If it works, how would it be worse than using no encryption >> whatsoever? Sure, maybe there would be a false sense of security, but it >> seems like a step in the right direction. >> > > Presumably that's the problem. We'd have a possibly zero amount of > end-to-end security, coupled with a possibly zero amount of trust in the > remote endpoint, but we have 20 years of human factors experience > demonstrating that people trust SSL by default even when they shouldn't. > Aren't we already well into the "people trust cabal-install by default even when they shouldn't" phase? :) For libraries that wrap a well scrutinized implementation, it appears that HsOpenSSL has some usage.
_______________________________________________ cabal-devel mailing list [email protected] http://www.haskell.org/mailman/listinfo/cabal-devel
