On Sun, 28 Oct 2012 13:38:46 +0100, Petr P <petr....@gmail.com> wrote:
Erik, does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else. Best regards, Petr Pudlak
Without checking a certificate, it could be that you are connected to a false server; without encryption, the package could be replaced by another package (a man-in-the-middle attack).
Regards, Henk-Jan van Tuyl -- http://Van.Tuyl.eu/ http://members.chello.nl/hjgtuyl/tourdemonad.html Haskell programming -- _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
