Thanks Iavor et al. I agree. I'll see what we can do. We have budget for this so hopefully it will be a simple matter of finding people to implement the change.
Jason On Fri, Nov 2, 2012 at 10:34 AM, Iavor Diatchki <iavor.diatc...@gmail.com>wrote: > Hello, > > I think that getting a certificate is a good idea. I think this could > probably be arranged by the haskell.org committee, which even has a > budget for things like that, I believe. I'm cc-ing Jason, who's on > the committee and might have more input on what's the best way to proceed. > > Thanks for bringing this up! > -Iavor > > > On Fri, Nov 2, 2012 at 5:14 AM, Ramana Kumar <ramana.ku...@cl.cam.ac.uk>wrote: > >> Who is the webmaster for haskell.org? Presumably they will be required >> in the process of installing the certificate. >> >> As far as obtaining goes, one can obtain a free certificate from StartSSL >> - see https://www.startssl.com >> There are other CAs, but if nobody has any strong preferences, I >> recommend going with them. >> >> >> On Tue, Oct 30, 2012 at 8:52 PM, Niklas Hambüchen <m...@nh2.me> wrote: >> >>> So how do we go forward about getting the SSL certificate and installing >>> it? >>> >>> On 29/10/12 01:06, Patrick Mylund Nielsen wrote: >>> > Sure. No matter what's done in Cabal, the clients for everything else >>> > will still be mainly browsers. >>> > >>> > On Mon, Oct 29, 2012 at 12:59 AM, Niklas Hambüchen <m...@nh2.me >>> > <mailto:m...@nh2.me>> wrote: >>> > >>> > No matter what we do with cabal, it would be great if I could soon >>> point >>> > my browser at https://haskell.org *anyway*. >>> > >>> > On 28/10/12 23:55, Patrick Mylund Nielsen wrote: >>> > > Of course, as long as Cabal itself is distributed through this >>> same >>> > > https-enabled site, you have the same PKI-backed security as just >>> > about >>> > > any major website. This model has problems, yes, but it's good >>> enough, >>> > > and it's easy to use. If you really want to improve it (without >>> > > impacting usability), have Google/the browser vendors pin the >>> public >>> > > cert for haskell.org <http://haskell.org> <http://haskell.org>. >>> > > >>> > > On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen >>> > > <hask...@patrickmylund.com <mailto:hask...@patrickmylund.com> >>> > <mailto:hask...@patrickmylund.com >>> > <mailto:hask...@patrickmylund.com>>> wrote: >>> > > >>> > > PGP tends to present many usability issues, and in this case >>> it >>> > > would make more sense/provide a clearer win if there were >>> many >>> > > different, semi-untrusted hackage mirrors. Just enable HTTPS >>> and >>> > > have Cabal validate the server certificate against a CA pool >>> > of one. >>> > > PKI/trusting obscure certificate authorities in Egypt and >>> Syria is >>> > > the biggest concern here, not somebody MITMing your initial >>> Cabal >>> > > installation (which in a lot of cases happens through >>> apt-get or >>> > > yum, anyway.) >>> > > >>> > > >>> > > On Mon, Oct 29, 2012 at 12:34 AM, Changaco >>> > <chang...@changaco.net <mailto:chang...@changaco.net> >>> > > <mailto:chang...@changaco.net <mailto:chang...@changaco.net >>> >>> >>> > wrote: >>> > > >>> > > On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote: >>> > > > How do you get a copy of cabal while making sure that >>> > somebody >>> > > hasn't MITMed you and replaced the PGP key? >>> > > >>> > > Ultimately it is a DNS problem. To establish a secure >>> > connection >>> > > with >>> > > haskell.org <http://haskell.org> <http://haskell.org> >>> > you'd have to get the >>> > > certificate from the DNS, but that >>> > > technology is not ready yet, so all you can do is check >>> > the key >>> > > against >>> > > as many sources as possible like Michael Walker said. >>> > > >>> > > On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote: >>> > > > So why not use HTTPS? >>> > > >>> > > Because it doesn't solve the problem. >>> > > >>> > > _______________________________________________ >>> > > Haskell-Cafe mailing list >>> > > Haskell-Cafe@haskell.org <mailto: >>> Haskell-Cafe@haskell.org> >>> > <mailto:Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org >>> >> >>> > > http://www.haskell.org/mailman/listinfo/haskell-cafe >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > _______________________________________________ >>> > > Haskell-Cafe mailing list >>> > > Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org> >>> > > http://www.haskell.org/mailman/listinfo/haskell-cafe >>> > > >>> > >>> > _______________________________________________ >>> > Haskell-Cafe mailing list >>> > Haskell-Cafe@haskell.org <mailto:Haskell-Cafe@haskell.org> >>> > http://www.haskell.org/mailman/listinfo/haskell-cafe >>> > >>> > >>> >>> _______________________________________________ >>> Haskell-Cafe mailing list >>> Haskell-Cafe@haskell.org >>> http://www.haskell.org/mailman/listinfo/haskell-cafe >>> >> >> >> _______________________________________________ >> Haskell-Cafe mailing list >> Haskell-Cafe@haskell.org >> http://www.haskell.org/mailman/listinfo/haskell-cafe >> >> >
_______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
