On Thursday, April 3, 2014, Johan Tibell <[email protected]> wrote:
> On Thu, Apr 3, 2014 at 12:02 AM, Nikita Karetnikov > <[email protected]<javascript:_e(%7B%7D,'cvml','[email protected]');> > > wrote: > >> > The big question we have to answer first is, how do we want to support >> SSL? >> > Do we want to use an existing, well-tested, well scrutinized SSL >> > implementation and FFI bind to it? If so, which one and why? If not, >> are we >> > comfortable enough with writing a correct SSL implementation? That's >> very >> > hard. >> >> Why write your own? We could try to come up with a list of >> requirements, so every HTTPS library on Hackage could be evaluated. Is >> anyone knowledgeable of cabal-install interested in composing such a >> list? >> > > "Write our own" as in "use a pure Haskell implementation of SSL from > Hackage". This has been suggested when this question came up in the past > and I'm skeptical to that from a security perspective. > If it works, how would it be worse than using no encryption whatsoever? Sure, maybe there would be a false sense of security, but it seems like a step in the right direction.
_______________________________________________ cabal-devel mailing list [email protected] http://www.haskell.org/mailman/listinfo/cabal-devel
