2012/10/28 Iustin Pop <iu...@k1024.org>: > On Sun, Oct 28, 2012 at 01:38:46PM +0100, Petr P wrote: >> does cabal need to do any authenticated stuff? For downloading >> packages I think HTTP is perfectly fine. So we could have HTTP for >> cabal download only and HTTPS for everything else. > > Kindly disagree here. Ensuring that packages are downloaded > safely/correctly without MITM attacks is also important. Even if as an > option.
Good point. But if cabal+https is a problem, this could be solved by other means too, for example by signing the packages. Best regards, Petr Pudlak _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe