On Sun, 28 Oct 2012 14:45:02 +0100 Iustin Pop wrote: > Kindly disagree here. Ensuring that packages are downloaded > safely/correctly without MITM attacks is also important. Even if as an > option.
HTTPS doesn't fully protect against a MITM since there is no shared secret between client and server prior to the connection. The MITM can use a self-signed certificate, or possibly a certificate signed by a compromised CA. _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
