On 3 April 2014 17:38, Bryan O'Sullivan <[email protected]> wrote:
>
> Presumably that's the problem. We'd have a possibly zero amount of
> end-to-end security, coupled with a possibly zero amount of trust in the
> remote endpoint, but we have 20 years of human factors experience
> demonstrating that people trust SSL by default even when they shouldn't.

There was a suggestion to make Hackage digitally sign packages and ship the public key inside the cabal-install tarball. This could be used in addition to HTTPS downloads.

_______________________________________________
cabal-devel mailing list
[email protected]
http://www.haskell.org/mailman/listinfo/cabal-devel
