Ticket #184 (new defect)
Security issue in installing Haskell platform in MS Windows - Installer not digitally signed
|Reported by:||gsngh||Owned by:||refold|
|Component:||Windows installer||Keywords:||security vulnerability installer digital signature|
The Haskell platform installer for Microsoft Windows should be digitally signed using a certificate from a reputed certificate organization (Verisign, entrust etc.) The mozilla firefox is signed this way. Any software distributed through internet is signed this way to avoid modification by replacement by an intermediary.
If it is not possible to sign the platform installer then publish the md5 checksum along with the link to download platform installer. (However, windows users are slightly less used to this approach.)