Rudiger, Daiki, Aditya, and John:
I know you aren't all choosing to use SSL, but I think you're all using hoauth in packages on Hackage: http://hackage2.uptoisomorphism.net:8080/package/hoauth/reverse
You should probably bump the requirement to hoauth >= 0.3.4. That version, which Diego uploaded a month and a half ago, includes a patch of mine which turns the SSL certificate verification back on. Programs compiled with earlier versions would still be vulnerable to man-in-the-middle attacks even when using SSL... And I think you're all still allowing older versions than that.
Anyways, cheers, and happy coding!
Kevin
Kevin Cantu