Hi Donald, On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote:
On Nov 13, 2014, at 9:21 PM, Donald Stufft
wrote: Starting a new thread with more explicit details at Richard’s request. Essentially the tl;dr here is that we'll switch to using sha2 (specifically sha256).
Ping?
Are we OK to make this change?
sorry i didn't get back earlier. Before the minor release of devpi-server last week i tried for two hours to change devpi-server to accomodate your planned pypi.python.org checksum changes. I found the change cannot easily be done without changes to the underlying database schema and thus needs a major new release of devpi-server because an export/import cycle is needed. When doing that i also want to do some internal cleanup related to name normalization (and also relating to recent pypi.python.org changes) but i need a week or two i guess to do that. However i now think that if you do the pypi.python.org checksum change it shouldn't directly break devpi-server but it would remove checksum checking. I'd rather like to have a new major devpi-server release out when you do the change. Is it ok for you to wait a bit still? best, holger