On 3 April 2014 17:38, Bryan O'Sullivan wrote:
>
> Presumably that's the problem. We'd have a possibly zero amount of
> end-to-end security, coupled with a possibly zero amount of trust in the
> remote endpoint, but we have 20 years of human factors experience
> demonstrating that people trust SSL
On Thu, Apr 3, 2014 at 5:57 PM, Bob Ippolito wrote:
> it appears that HsOpenSSL has some usage.
If you care about security, it's the only viable option. Gnu TLS is really
buggy in my experience and the Haskell "tls" package is not widely enough
used to be a candidate (it also doesn't follow the
On Thu, Apr 3, 2014 at 8:38 AM, Bryan O'Sullivan wrote:
>
> On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito wrote:
>
>> If it works, how would it be worse than using no encryption
>> whatsoever? Sure, maybe there would be a false sense of security, but it
>> seems like a step in the right direction
On Thu, Apr 3, 2014 at 7:44 AM, Bob Ippolito wrote:
> If it works, how would it be worse than using no encryption
> whatsoever? Sure, maybe there would be a false sense of security, but it
> seems like a step in the right direction.
>
Presumably that's the problem. We'd have a possibly zero amou
On Thursday, April 3, 2014, Johan Tibell wrote:
> On Thu, Apr 3, 2014 at 12:02 AM, Nikita Karetnikov
>
> > wrote:
>
>> > The big question we have to answer first is, how do we want to support
>> SSL?
>> > Do we want to use an existing, well-tested, well scrutinized SSL
>> > implementation and F
On Thu, Apr 3, 2014 at 12:02 AM, Nikita Karetnikov wrote:
> > The big question we have to answer first is, how do we want to support
> SSL?
> > Do we want to use an existing, well-tested, well scrutinized SSL
> > implementation and FFI bind to it? If so, which one and why? If not, are
> we
> > com
> The big question we have to answer first is, how do we want to support SSL?
> Do we want to use an existing, well-tested, well scrutinized SSL
> implementation and FFI bind to it? If so, which one and why? If not, are we
> comfortable enough with writing a correct SSL implementation? That's very
On Wed, Apr 2, 2014 at 12:22 PM, Herbert Valerio Riedel wrote:
> On 2014-04-01 at 22:43:47 +0200, Nikita Karetnikov wrote:
> > Turns out cabal-install itself uses HTTP. (Try to grep for "hackage" in
> > the source tree.) Is it due to the HTTP library, which doesn't support
> > HTTPS (4000.2.12
On 2014-04-01 at 22:43:47 +0200, Nikita Karetnikov wrote:
> Turns out cabal-install itself uses HTTP. (Try to grep for “hackage” in
> the source tree.) Is it due to the HTTP library, which doesn’t support
> HTTPS (4000.2.12 returns “user error (https not supported)”)?
>
> Is there any interest in
Turns out cabal-install itself uses HTTP. (Try to grep for “hackage” in
the source tree.) Is it due to the HTTP library, which doesn’t support
HTTPS (4000.2.12 returns “user error (https not supported)”)?
Is there any interest in changing the current state of things? And if
so, what is the best
10 matches
Mail list logo
