On Thu, Apr 3, 2014 at 8:38 AM, Bryan O'Sullivan <b...@serpentine.com> wrote:
> > On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito <b...@redivi.com> wrote: > >> If it works, how would it be worse than using no encryption >> whatsoever? Sure, maybe there would be a false sense of security, but it >> seems like a step in the right direction. >> > > Presumably that's the problem. We'd have a possibly zero amount of > end-to-end security, coupled with a possibly zero amount of trust in the > remote endpoint, but we have 20 years of human factors experience > demonstrating that people trust SSL by default even when they shouldn't. > Aren't we already well into the "people trust cabal-install by default even when they shouldn't" phase? :) For libraries that wrap a well scrutinized implementation, it appears that HsOpenSSL has some usage.
_______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://www.haskell.org/mailman/listinfo/cabal-devel
