<div>
<br>
</div>
<div></div>
<p style="color: #A0A0A8;">On Wednesday, February 1, 2012 at 4:20 AM, M.-A. Lemburg wrote:</p>
<blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;">
<span><div><div><div>Richard Jones wrote:</div><blockquote type="cite"><div><div>On 1 February 2012 19:36, Chris Withers <<a href="mailto:chris@simplistix.co.uk">chris@simplistix.co.uk</a>> wrote:</div><blockquote type="cite"><div><div>If you actually cared about security, you'd already be using, recording and</div><div>checking the MD5 checksums provided with each download and would already</div><div>know that this isn't a security loophole.</div><div><br></div><div>If you're not, then quit with the security theater.</div></div></blockquote><div><br></div><div>I believe the "security theater" of MD5 was proven, and exploits</div><div>freely available, back in 2005 :-)</div></div></blockquote><div><br></div><div>Perhaps we ought to rename the thread to: "Proposal: add SHA hashes to</div><div>distribution files", then :-)</div><div><br></div><div>I'd be +1 on that since it does actually add security to PyPI.</div></div></div></span></blockquote><div>This is a similar but doesn't also good thing to do. IMO it should be sha256, (I would say sha512 but there are slowdown issues on older pythons). </div><blockquote type="cite" style="border-left-style:solid;border-width:1px;margin-left:0px;padding-left:10px;"><span><div><div><div><br></div><div>-- </div><div>Marc-Andre Lemburg</div><div><a href="http://eGenix.com">eGenix.com</a></div><div><br></div><div>Professional Python Services directly from the Source (#1, Feb 01 2012)</div><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><div><div>Python/Zope Consulting and Support ... <a href="http://www.egenix.com">http://www.egenix.com</a>/</div><div>mxODBC.Zope.Database.Adapter ... <a href="http://zope.egenix.com">http://zope.egenix.com</a>/</div><div>mxODBC, mxDateTime, mxTextTools ... <a href="http://python.egenix.com">http://python.egenix.com</a>/</div></div></blockquote></blockquote></blockquote><div>________________________________________________________________________</div><div><br></div><div>::: Try our new mxODBC.Connect Python Database Interface for free ! ::::</div><div><br></div><div><br></div><div> <a href="http://eGenix.com">eGenix.com</a> Software, Skills and Services GmbH Pastor-Loeh-Str.48</div><div> D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg</div><div> Registered at Amtsgericht Duesseldorf: HRB 46611</div><div> <a href="http://www.egenix.com/company/contact/">http://www.egenix.com/company/contact/</a></div><div>_______________________________________________</div><div>Catalog-SIG mailing list</div><div><a href="mailto:Catalog-SIG@python.org">Catalog-SIG@python.org</a></div><div><a href="http://mail.python.org/mailman/listinfo/catalog-sig">http://mail.python.org/mailman/listinfo/catalog-sig</a></div></div></div></span>
</blockquote>
<div>
<br>
</div>