Skip to content

update hoauth #42

New issue
New issue
Open
Open
update hoauth#42
@jgoerzen

Description

@jgoerzen
jgoerzen
opened on Jul 20, 2012

Rudiger, Daiki, Aditya, and John:

I know you aren't all choosing to use SSL, but I think you're all
using hoauth in packages on Hackage:
http://hackage2.uptoisomorphism.net:8080/package/hoauth/reverse

You should probably bump the requirement to hoauth >= 0.3.4. That
version, which Diego uploaded a month and a half ago, includes a patch
of mine which turns the SSL certificate verification back on.
Programs compiled with earlier versions would still be vulnerable to
man-in-the-middle attacks even when using SSL... And I think you're
all still allowing older versions than that.

Anyways, cheers, and happy coding!

KevinRudiger, Daiki, Aditya, and John:

I know you aren't all choosing to use SSL, but I think you're all
using hoauth in packages on Hackage:
http://hackage2.uptoisomorphism.net:8080/package/hoauth/reverse

You should probably bump the requirement to hoauth >= 0.3.4. That
version, which Diego uploaded a month and a half ago, includes a patch
of mine which turns the SSL certificate verification back on.
Programs compiled with earlier versions would still be vulnerable to
man-in-the-middle attacks even when using SSL... And I think you're
all still allowing older versions than that.

Anyways, cheers, and happy coding!

Kevin

Kevin Cantu

Kevin Cantu
805-669-8778

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions