You are right, I skipped over that this was actually a server-side exploit - sure, end-to-end signing will help here.
On 30/01/13 19:47, Edward Z. Yang wrote: >> As long as we upload packages via plain HTTP, signing won't help though. _______________________________________________ Haskell-Cafe mailing list Haskell-Cafe@haskell.org http://www.haskell.org/mailman/listinfo/haskell-cafe
