No matter what we do with cabal, it would be great if I could soon point my browser at https://haskell.org *anyway*.
On 28/10/12 23:55, Patrick Mylund Nielsen wrote: > Of course, as long as Cabal itself is distributed through this same > https-enabled site, you have the same PKI-backed security as just about > any major website. This model has problems, yes, but it's good enough, > and it's easy to use. If you really want to improve it (without > impacting usability), have Google/the browser vendors pin the public > cert for haskell.org <http://haskell.org>. > > On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen > <hask...@patrickmylund.com <mailto:hask...@patrickmylund.com>> wrote: > > PGP tends to present many usability issues, and in this case it > would make more sense/provide a clearer win if there were many > different, semi-untrusted hackage mirrors. Just enable HTTPS and > have Cabal validate the server certificate against a CA pool of one. > PKI/trusting obscure certificate authorities in Egypt and Syria is > the biggest concern here, not somebody MITMing your initial Cabal > installation (which in a lot of cases happens through apt-get or > yum, anyway.) > > > On Mon, Oct 29, 2012 at 12:34 AM, Changaco <chang...@changaco.net > <mailto:chang...@changaco.net>> wrote: > > On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote: > > How do you get a copy of cabal while making sure that somebody > hasn't MITMed you and replaced the PGP key? > > Ultimately it is a DNS problem. To establish a secure connection > with > haskell.org <http://haskell.org> you'd have to get the > certificate from the DNS, but that > technology is not ready yet, so all you can do is check the key > against > as many sources as possible like Michael Walker said. > > On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote: > > So why not use HTTPS? > > Because it doesn't solve the problem. > > _______________________________________________ > Haskell-Cafe mailing list > Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org> > http://www.haskell.org/mailman/listinfo/haskell-cafe > > > > > > _______________________________________________ > Haskell-Cafe mailing list > Haskell-Cafe@haskell.org > http://www.haskell.org/mailman/listinfo/haskell-cafe > _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
