On 01/30/2013 10:48 PM, Niklas Hambüchen wrote:
> You are right, I skipped over that this was actually a server-side
> exploit - sure, end-to-end signing will help here.

It also helps in the HTTP case; a MiTM wouldn't be able to change the
package without knowing the private key.

More to the point, it also helps the case with Hackage mirrors (or a
corrupt Hackage admin).

--
Vincent