
July 3, 2012
3:57 p.m.
At Tue, 3 Jul 2012 10:32:43 -0400, PJ Eby wrote:
> On Tue, Jul 3, 2012 at 8:48 AM, Jeroen Dekkers <jeroen@dekkers.ch> wrote:
>> And yes, attacks on md5 will only get better, so we should migrate to better hashes in the future.
>
> No, because that's not what the RECORD hashes are for. It's not an intrusion detection system, it's an installer conflict and "oops I edited the wrong file" checker.
Sorry for not being clear, but I totally agree. I was replying to the md5 on PyPI are embarrassing part and meant that we should migrate to use better hashes on PyPI in the future.

Jeroen Dekkers