On 3 April 2014 17:38, Bryan O'Sullivan <b...@serpentine.com> wrote: > > Presumably that's the problem. We'd have a possibly zero amount of > end-to-end security, coupled with a possibly zero amount of trust in the > remote endpoint, but we have 20 years of human factors experience > demonstrating that people trust SSL by default even when they shouldn't.
There was a suggestion to make Hackage digitally sign packages and ship the public key inside the cabal-install tarball. This could be used in addition to HTTPS downloads. _______________________________________________ cabal-devel mailing list cabal-devel@haskell.org http://www.haskell.org/mailman/listinfo/cabal-devel