28 Oct
2012
28 Oct
'12
1:45 p.m.
On Sun, Oct 28, 2012 at 01:38:46PM +0100, Petr P wrote:
Erik,
does cabal need to do any authenticated stuff? For downloading packages I think HTTP is perfectly fine. So we could have HTTP for cabal download only and HTTPS for everything else.
Kindly disagree here. Ensuring that packages are downloaded safely/correctly without MITM attacks is also important. Even if as an option. regards, iustin