
15 Sep
2012
15 Sep
'12
1:22 p.m.
OK. Making MD5 optional in RECORD doesn't seem to be very controversial any more, and it will make life easier for an entire class of systems that compile md5() to produce a crash instead of a message digest. It will not lull anyone into a false sense of security or degrade performance.
The edit now suggests the installer pick from one of hashlib.algorithms_guaranteed, currently:
{'sha1', 'sha224', 'sha384', 'sha256', 'sha512', 'md5'}
All valid arguments to hashlib.new(). The hash value is now either empty, the md5 hexdigest, or the name of the hash, followed by =, followed by the urlsafe-b64encode-nopad (base64 with trailing = removed) of the digest.
Does an uninstaller exist that checks the hashes during uninstall?
Daniel Holth