So how do we go forward about getting the SSL certificate and installing it?

On 29/10/12 01:06, Patrick Mylund Nielsen wrote:
> Sure. No matter what's done in Cabal, the clients for everything else
> will still be mainly browsers.
>
> On Mon, Oct 29, 2012 at 12:59 AM, Niklas Hambüchen <m...@nh2.me> wrote:
>
> > No matter what we do with cabal, it would be great if I could soon
> > point my browser at https://haskell.org *anyway*.
> >
> > On 28/10/12 23:55, Patrick Mylund Nielsen wrote:
> > > Of course, as long as Cabal itself is distributed through this same
> > > https-enabled site, you have the same PKI-backed security as just
> > > about any major website. This model has problems, yes, but it's good
> > > enough, and it's easy to use. If you really want to improve it
> > > (without impacting usability), have Google/the browser vendors pin
> > > the public cert for haskell.org.
> > >
> > > On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen
> > > <hask...@patrickmylund.com> wrote:
> > >
> > > > PGP tends to present many usability issues, and in this case it
> > > > would make more sense/provide a clearer win if there were many
> > > > different, semi-untrusted hackage mirrors. Just enable HTTPS and
> > > > have Cabal validate the server certificate against a CA pool of
> > > > one. PKI/trusting obscure certificate authorities in Egypt and
> > > > Syria is the biggest concern here, not somebody MITMing your
> > > > initial Cabal installation (which in a lot of cases happens
> > > > through apt-get or yum, anyway.)
> > > >
> > > > On Mon, Oct 29, 2012 at 12:34 AM, Changaco <chang...@changaco.net>
> > > > wrote:
> > > >
> > > > > On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote:
> > > > > > How do you get a copy of cabal while making sure that somebody
> > > > > > hasn't MITMed you and replaced the PGP key?
> > > > >
> > > > > Ultimately it is a DNS problem. To establish a secure connection
> > > > > with haskell.org you'd have to get the certificate from the DNS,
> > > > > but that technology is not ready yet, so all you can do is check
> > > > > the key against as many sources as possible like Michael Walker
> > > > > said.
> > > > >
> > > > > On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote:
> > > > > > So why not use HTTPS?
> > > > >
> > > > > Because it doesn't solve the problem.

_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe