Thomas Lotze wrote:
Good point. All this talking about MD5 specifically has been due to the fact that this is what used to be used by the download API and the gocep.download recipe so far. To take up the idea I posted a few minutes ago, one might specify checksums like this:
[checksums] foo = http://example.org/foo.tgz algorithm:checksum-value
After some further offline discussion, I'd like to suggest using MD5 as the default algorithm, though. It has been the algorithm of choice in buildout and recipes and allowing to omit the md5: prefix in what's very likely the majority of cases sounds like a good bargain. I agree that the cleanest solution would be not having a default algorithm at all but this may just be one instance where practicality beats purity.