[Catalog-sig] getting the public key when --sign is used

Daniel Holth dholth at gmail.com
Mon Nov 19 23:01:58 CET 2012

Unfortunately the whole signed mirror system falls down because it relies
on md5 hashes (http://www.kb.cert.org/vuls/id/836068) although the signing
key seems to be long enough. What would it take to get SHA-2 (or 3) added?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/catalog-sig/attachments/20121119/d6331413/attachment.html>

More information about the Catalog-SIG mailing list