While I would love to have hackage available (or even forced) over https, I think the biggest reason it currently isn't, is that cabal would then also need https support. This means the HTTP library would need https support, which I've heard will be hard to implement cross-platform (read: on Windows).
However, I guess providing https as an option is still a huge step forwards compared to the current situation. Erik On Sun, Oct 28, 2012 at 1:20 AM, Niklas Hambüchen <m...@nh2.me> wrote: > (I have mentioned this several times on #haskell, but nothing has > happened so far.) > > Are you aware that all haskell.org websites (hackage, HaskellWiki, ghc > trac) allow unencrypted http connections only? > > This means that everyone in the same Wifi can potentially > > - read you passwords for all of these services > > - abuse your hackage account and override arbitrary packages > (especially since hackage allows everybody to override everything) > > > I propose we get an SSL certificate for haskell.org. > I also offer to donate that SSL certificate (or directly create it using > my Startcom account). > > Niklas > > _______________________________________________ > Haskell-Cafe mailing list > Haskell-Cafe@haskell.org > http://www.haskell.org/mailman/listinfo/haskell-cafe _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
