[Catalog-sig] simple index and urls exracted from metadata text fields
René Dudfield
renesd at gmail.com
Fri Sep 11 16:57:07 CEST 2009
hi,
I think the use of pgp is missing from that description.
- using the pgp signatures to verify files. This is already part of
pypi... just not used by applications for verification... (I think?)
Also, maybe md5 should be replaced with sha2 use?
- md5 was broken as a useful hash for file integrity in 2004. See
http://en.wikipedia.org/wiki/MD5 for details. SHA2 is the current
replacement... but is aimed to be replaced itself. So pgp signatures
are a better alternative. md5 is still better than nothing of course
:) Just that using sha2 and signed files is better.
cheers,
On Fri, Sep 11, 2009 at 2:50 PM, Tarek Ziadé<ziade.tarek at gmail.com> wrote:
> 2009/9/11 P.J. Eby <pje at telecommunity.com>:
>>
>> The attribute already exists: rel="download" and rel="homepage"; if there's
>> no 'rel' it's from the description.
>>
>> I'm rather surprised you don't know these things already, since they're all
>> rather prominently documented as part of easy_install's "index API" here:
>>
>> http://peak.telecommunity.com/DevCenter/EasyInstall#package-index-api
>
> Because that's setuptools documentation, not PyPI's.
>
> Let's move this small section to docs.python.org if PyPI implements
> it. (or a variation if Jim's specification differs)
>
> I propose to add a PyPI documentation page in distutils docs,
> containing this specification,
> unless Martin thinks it should be located somewhere else.
> _______________________________________________
> Catalog-SIG mailing list
> Catalog-SIG at python.org
> http://mail.python.org/mailman/listinfo/catalog-sig
>
More information about the Catalog-SIG
mailing list