On 2015-04-28 at 15:50:26 +0200, Michael Snoyman wrote: [...]
>> PS: We shouldn't forget that there's also an existing deployed >> cabal-install user-base we can't get rid off so easily, which may >> still leak unencrypted basic-auth credentials for the years to >> come. Just saying... > I agree on that front. I think that Hackage should turn away all uploads > that aren't TLS-secured, and should make that change ASAP. Well, even if you do that, you can only reject the upload-request *after* the http client has already leaked the basic-auth credentials over a non-secured http channel... :-/ So the only thing this measure would buy us IMHO is that CLI users would get an incentive to upgrade their cabal-install tooling (if they use e.g. `cabal upload`), but it wouldn't protect against accidentally falling back to an older cabal-install version picked up by accident (and then again compromising the credentials). I.e. this measure on its own wouldn't remove the unsecured basic-auth eavesdropping attack-window completely, only make it smaller. Cheers, hvr _______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://mail.haskell.org/cgi-bin/mailman/listinfo/cabal-devel
