Do it at home. If you're at an internet cafe, though, it'd be nice if you could trust cabal packages.
- Clark On Sun, Oct 28, 2012 at 5:07 PM, Patrick Hurst <phu...@amateurtopologist.com > wrote: > > On Oct 28, 2012, at 4:38 PM, Changaco <chang...@changaco.net> wrote: > > > On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote: > >> In this particular case, cabal can have the public part of the > >> certificate built-in (as it has the web address built in). So once one > >> has a verified installation of cabal, it can verify the server > >> packages without being susceptible to MitM attack (no matter if > >> they're PGP signed or X.509 signed). > > > > This is PGP's security model, so it's probably better to use PGP keys. > > > How do you get a copy of cabal while making sure that somebody hasn't > MITMed you and replaced the PGP key? > _______________________________________________ > Haskell-Cafe mailing list > Haskell-Cafe@haskell.org > http://www.haskell.org/mailman/listinfo/haskell-cafe >
_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe