Thanks Iavor et al.<div><br></div><div>I agree. I'll see what we can do. We have budget for this so hopefully it will be a simple matter of finding people to implement the change.</div><div><br></div><div>Jason<br><br>
<div class="gmail_quote">On Fri, Nov 2, 2012 at 10:34 AM, Iavor Diatchki <span dir="ltr"><<a href="mailto:iavor.diatchki@gmail.com" target="_blank">iavor.diatchki@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello,<div><br></div><div>I think that getting a certificate is a good idea. I think this could probably be arranged by the <a href="http://haskell.org" target="_blank">haskell.org</a> committee, which even has a budget for things like that, I believe. I'm cc-ing Jason, who's on the committee and might have more input on what's the best way to proceed. </div>
<div><br></div><div>Thanks for bringing this up!</div><span class="HOEnZb"><font color="#888888"><div>-Iavor</div></font></span><div class="HOEnZb"><div class="h5">
<div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 2, 2012 at 5:14 AM, Ramana Kumar <span dir="ltr"><<a href="mailto:Ramana.Kumar@cl.cam.ac.uk" target="_blank">Ramana.Kumar@cl.cam.ac.uk</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Who is the webmaster for <a href="http://haskell.org" target="_blank">haskell.org</a>? Presumably they will be required in the process of installing the certificate.<br>
<br>As far as obtaining goes, one can obtain a free certificate from StartSSL - see <a href="https://www.startssl.com" target="_blank">https://www.startssl.com</a><br>
There are other CAs, but if nobody has any strong preferences, I recommend going with them.<div><div><br><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Oct 30, 2012 at 8:52 PM, Niklas Hambüchen <span dir="ltr"><<a href="mailto:mail@nh2.me" target="_blank">mail@nh2.me</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">So how do we go forward about getting the SSL certificate and installing it?<br>
<div><br>
On 29/10/12 01:06, Patrick Mylund Nielsen wrote:<br>
> Sure. No matter what's done in Cabal, the clients for everything else<br>
> will still be mainly browsers.<br>
><br>
> On Mon, Oct 29, 2012 at 12:59 AM, Niklas Hambüchen <<a href="mailto:mail@nh2.me" target="_blank">mail@nh2.me</a><br>
</div><div>> <mailto:<a href="mailto:mail@nh2.me" target="_blank">mail@nh2.me</a>>> wrote:<br>
><br>
> No matter what we do with cabal, it would be great if I could soon point<br>
> my browser at <a href="https://haskell.org" target="_blank">https://haskell.org</a> *anyway*.<br>
><br>
> On 28/10/12 23:55, Patrick Mylund Nielsen wrote:<br>
> > Of course, as long as Cabal itself is distributed through this same<br>
> > https-enabled site, you have the same PKI-backed security as just<br>
> about<br>
> > any major website. This model has problems, yes, but it's good enough,<br>
> > and it's easy to use. If you really want to improve it (without<br>
> > impacting usability), have Google/the browser vendors pin the public<br>
</div>> > cert for <a href="http://haskell.org" target="_blank">haskell.org</a> <<a href="http://haskell.org" target="_blank">http://haskell.org</a>> <<a href="http://haskell.org" target="_blank">http://haskell.org</a>>.<br>
<div>> ><br>
> > On Mon, Oct 29, 2012 at 12:45 AM, Patrick Mylund Nielsen<br>
> > <<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a> <mailto:<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a>><br>
</div>> <mailto:<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a><br>
<div>> <mailto:<a href="mailto:haskell@patrickmylund.com" target="_blank">haskell@patrickmylund.com</a>>>> wrote:<br>
> ><br>
> > PGP tends to present many usability issues, and in this case it<br>
> > would make more sense/provide a clearer win if there were many<br>
> > different, semi-untrusted hackage mirrors. Just enable HTTPS and<br>
> > have Cabal validate the server certificate against a CA pool<br>
> of one.<br>
> > PKI/trusting obscure certificate authorities in Egypt and Syria is<br>
> > the biggest concern here, not somebody MITMing your initial Cabal<br>
> > installation (which in a lot of cases happens through apt-get or<br>
> > yum, anyway.)<br>
> ><br>
> ><br>
> > On Mon, Oct 29, 2012 at 12:34 AM, Changaco<br>
> <<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a> <mailto:<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a>><br>
</div>> > <mailto:<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a> <mailto:<a href="mailto:changaco@changaco.net" target="_blank">changaco@changaco.net</a>>>><br>
<div>> wrote:<br>
> ><br>
> > On Sun, 28 Oct 2012 17:07:24 -0400 Patrick Hurst wrote:<br>
> > > How do you get a copy of cabal while making sure that<br>
> somebody<br>
> > hasn't MITMed you and replaced the PGP key?<br>
> ><br>
> > Ultimately it is a DNS problem. To establish a secure<br>
> connection<br>
> > with<br>
</div>> > <a href="http://haskell.org" target="_blank">haskell.org</a> <<a href="http://haskell.org" target="_blank">http://haskell.org</a>> <<a href="http://haskell.org" target="_blank">http://haskell.org</a>><br>
<div>> you'd have to get the<br>
> > certificate from the DNS, but that<br>
> > technology is not ready yet, so all you can do is check<br>
> the key<br>
> > against<br>
> > as many sources as possible like Michael Walker said.<br>
> ><br>
> > On Sun, 28 Oct 2012 17:46:06 -0400 Patrick Hurst wrote:<br>
> > > So why not use HTTPS?<br>
> ><br>
> > Because it doesn't solve the problem.<br>
> ><br>
> > _______________________________________________<br>
> > Haskell-Cafe mailing list<br>
> > <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> <mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>><br>
</div>> <mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> <mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>>><br>
<div><div>> > <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
> ><br>
> ><br>
> ><br>
> ><br>
> ><br>
> > _______________________________________________<br>
> > Haskell-Cafe mailing list<br>
> > <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> <mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>><br>
> > <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
> ><br>
><br>
> _______________________________________________<br>
> Haskell-Cafe mailing list<br>
> <a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a> <mailto:<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a>><br>
> <a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
><br>
><br>
<br>
_______________________________________________<br>
Haskell-Cafe mailing list<br>
<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a><br>
<a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
</div></div></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
Haskell-Cafe mailing list<br>
<a href="mailto:Haskell-Cafe@haskell.org" target="_blank">Haskell-Cafe@haskell.org</a><br>
<a href="http://www.haskell.org/mailman/listinfo/haskell-cafe" target="_blank">http://www.haskell.org/mailman/listinfo/haskell-cafe</a><br>
<br></blockquote></div><br></div>
</div></div></blockquote></div><br></div>