Sure. No matter what's done in Cabal, the clients for everything else will still be mainly browsers.<br><br><div class="gmail_quote">On Mon, Oct 29, 2012 at 12:59 AM, Niklas Hambüchen <span dir="ltr"><<a href="mailto:mail@nh2.me" target="_blank">mail@nh2.me</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">No matter what we do with cabal, it would be great if I could soon point<br>
my browser at <a href="https://haskell.org" target="_blank">https://haskell.org</a> *anyway*.<br>
<div class="im"><br>
On 28/10/12 23:55, Patrick Mylund Nielsen wrote:<br>
> Of course, as long as Cabal itself is distributed through this same<br>
> https-enabled site, you have the same PKI-backed security as just about<br>
> any major website. This model has problems, yes, but it's good enough,<br>
> and it's easy to use. If you really want to improve it (without<br>
> impacting usability), have Google/the browser vendors pin the public<br>
</div>> cert for <a href="http://haskell.org" target="_blank">haskell.org</a>.<br>
<div class="im">><br>
> On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen<br>
</div><div class="im">> <<a href="mailto:haskell@patrickmylund.com">haskell@patrickmylund.com</a>> wrote:<br>
><br>
> PGP tends to present many usability issues, and in this case it<br>
> would make more sense/provide a clearer win if there were many<br>
> different, semi-untrusted hackage mirrors. Just enable HTTPS and<br>
> have Cabal validate the server certificate against a CA pool of one.<br>
> PKI/trusting obscure certificate authorities in Egypt and Syria is<br>
> the biggest concern here, not somebody MITMing your initial Cabal<br>
> installation (which in a lot of cases happens through apt-get or<br>
> yum, anyway.)<br>
><br>
><br>
> On Mon, Oct 29, 2012 at 12:34 AM, Changaco <<a href="mailto:changaco@changaco.net">changaco@changaco.net</a><br>
</div><div class="im">> <mailto:<a href="mailto:changaco@changaco.net">changaco@changaco.net</a>>> wrote:<br>
><br>
> On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote:<br>
> > How do you get a copy of cabal while making sure that somebody<br>
> hasn't MITMed you and replaced the PGP key?<br>
><br>
> Ultimately it is a DNS problem. To establish a secure connection<br>
> with<br>
</div>> <a href="http://haskell.org" target="_blank">haskell.org</a> you'd have to get the<br>
<div class="im">> certificate from the DNS, but that<br>
> technology is not ready yet, so all you can do is check the key<br>
> against<br>
> as many sources as possible like Michael Walker said.<br>
><br>
> On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote:<br>
> > So why not use HTTPS?<br>
><br>
> Because it doesn't solve the problem.<br>
><br>
> _______________________________________________<br>
> Haskell-Cafe mailing list<br>
</div>> <a href="mailto:Haskell-Cafe@haskell.org">Haskell-Cafe@haskell.org</a> <mailto:<a href="mailto:Haskell-Cafe@haskell.org">Haskell-Cafe@haskell.org</a>><br>
> <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
<div class="HOEnZb"><div class="h5">><br>
><br>
<br>
</div></div></blockquote></div><br>