[Catalog-sig] Proposal: close the PyPI file-replacement loophole

Antoine Pitrou solipsis at pitrou.net
Fri Feb 3 01:24:36 CET 2012


Michael Foord <fuzzyman <at> gmail.com> writes:
> 
> Given the issues with MD5, adding SHA (or similar) hashes to PyPI would
> be a much better use of time (IMO).

Also, implement http://www.python.org/dev/peps/pep-0381/#mirror-authenticity

Regards

Antoine.



