On Sun, Oct 28, 2012 at 01:38:46PM +0100, Petr P wrote: > Erik, > > does cabal need to do any authenticated stuff? For downloading > packages I think HTTP is perfectly fine. So we could have HTTP for > cabal download only and HTTPS for everything else.
Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option. regards, iustin _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe