3 Jul
2012
3 Jul
'12
7:42 a.m.
----- Original Message -----
I would like to amend the spec. The hash column of RECORD should be
'sha256:' + urlsafe_b64encode(hashlib.sha256(data))
instead of the hopelessly obsolete md5. With a secure hash function, you can digitally sign RECORD.
Signing packages does sound interesting, but what authority would sign them? The authors of the packages themselves?
It would also make sense to allow RECORD to be omitted from RECORD. _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
-- Regards, Bohuslav "Slavek" Kabrda.