[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Antoine Pitrou solipsis at pitrou.net
Fri Feb 3 01:24:36 CET 2012

Michael Foord <fuzzyman <at> gmail.com> writes:
> Given the issues with md5, adding SHA (or similar) hashes to pypi would
> be a much better use of time (IMO).

Also, implement http://www.python.org/dev/peps/pep-0381/#mirror-authenticity



More information about the Catalog-SIG mailing list