[Catalog-sig] getting the public key when --sign is used

[Daniel Holth]

Unfortunately the whole signed mirror system falls down because it relies
on md5 hashes (http://www.kb.cert.org/vuls/id/836068) although the signing
key seems to be long enough. What would it take to get SHA-2 (or 3) added?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20121119/d6331413/attachment.html>