[Catalog-sig] an immutable mirror of PyPI
Chris Withers
chris at simplistix.co.uk
Tue Jul 19 19:46:38 CEST 2011
On 18/07/2011 23:04, M.-A. Lemburg wrote:
> BTW: To address your repeatability/security concerns, the tools you are
> using would also have to store the hash check sum of the downloaded
> packages together with the version. AFAIK, buildout only pins down
> versions, not MD5/SHA1 sums.
I'm pretty sure there's a hashing extension for buildout downloads.
cheers,
Chris
--
Simplistix - Content Management, Batch Processing & Python Consulting
- http://www.simplistix.co.uk
More information about the Catalog-SIG
mailing list