Do it at home.
If you're at an internet cafe, though, it'd be nice if you could trust
cabal packages.
- Clark
On Sun, Oct 28, 2012 at 5:07 PM, Patrick Hurst wrote: On Oct 28, 2012, at 4:38 PM, Changaco On Sun, 28 Oct 2012 17:46:10 +0100 Petr P wrote: In this particular case, cabal can have the public part of the
certificate built-in (as it has the web address built in). So once one
has a verified installation of cabal, it can verify the server
packages without being susceptible to MitM attack (no matter if
they're PGP signed or X.509 signed). This is PGP's security model, so it's probably better to use PGP keys. How do you get a copy of cabal while making sure that somebody hasn't
MITMed you and replaced the PGP key?
_______________________________________________
Haskell-Cafe mailing list
Haskell-Cafe@haskell.org
http://www.haskell.org/mailman/listinfo/haskell-cafe