On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote:
> In this particular case, cabal can have the public part of the
> certificate built-in (as it has the web address built in). So once one
> has a verified installation of cabal, it can verify the server
> packages without being susceptible to MitM attack (no matter if
> they're PGP signed or X.509 signed).
This is PGP's security model, so it's probably better to use PGP keys.

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe