On Mar 17, 2021, at 10:29, Victor Stinner <vstinner@python.org> wrote:
On Tue, Mar 16, 2021 at 9:16 PM Gregory P. Smith <greg@krypto.org> wrote:
The benefit of listing the sha256 for files is that it prevents this question coming up again and again because md5 is old and rightfully on the "never use" list for many people. Even if there are situations where it is fine as an effective improvement over a CRC. Would it be possible to provide multiple hashes, like MD5 *and* SHA256 (and maybe also SHA512)? Or is there a practical problem to list multiple hashes on a web page?
Why would we need to have multiple hashes? One is sufficient. The only issue is that we are set up today to use md5 and changing to another hash takes some work, both to the web site and to how we do releases. It's not a huge amount of work but somebody(ies) need(s) to step up to do it and the only obvious reason for doing it is to stop these discussions. And that hasn't been motivation yet enough given the list of higher priority items.
-- Ned Deily nad@python.org -- []