28 Oct
2012
28 Oct
'12
6:45 p.m.
On Sun, 28 Oct 2012 13:38:46 +0100, Petr P
Erik,
does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else.
Best regards, Petr Pudlak
Without checking a certificate, it could be that you are connected to a false server; without encryption, the package could be replaced by another package (a man-in-the-middle attack). Regards, Henk-Jan van Tuyl -- http://Van.Tuyl.eu/ http://members.chello.nl/hjgtuyl/tourdemonad.html Haskell programming --