[Catalog-sig] hash tags

[M.-A. Lemburg]

On 08.03.2013 20:16, PJ Eby wrote:
> On Fri, Mar 8, 2013 at 7:50 AM, M.-A. Lemburg <mal at egenix.com> wrote:
>> After the feedback I got from Holger and Phillip, I'm currently
>> writing a new version, which drops some of the unneeded
>> requirements and spells out a few more things.
>>
>> Here's a very short version...
>>
>> Installers are modified:
>>
>> * to only follow rel="download" links from the /simple/ index page,
>>   which have a hash tag (e.g. #md5=...)
>> * will only use the fetched download page if its contents match
>>   the hash tag
>> * scan that page for rel="download" links, which again have to
>>   have a hash tag to be taken into account
>> * only install files for which the hash tag matches the
>>   downloaded content
>>
>> This should provide a good way to make sure that the downloaded
>> files are indeed under control of the package maintainer.
> 
> There is, as I said before, a MUCH simpler way to do this, that works
> right now: put direct #md5 download links in your description, and
> phase out the rel="" attributes altogether.

No, that would be a pretty poor design :-)

The rel="" attributes are good design, since they were meant for
exactly this purpose (machine reading and understanding relations
between origin and target).

-- 
Marc-Andre Lemburg
eGenix.com

Professional Python Services directly from the Source  (#1, Mar 07 2013)
>>> Python Projects, Consulting and Support ...   http://www.egenix.com/
>>> mxODBC.Zope/Plone.Database.Adapter ...       http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/
________________________________________________________________________

::::: Try our mxODBC.Connect Python Database Interface for free ! ::::::

   eGenix.com Software, Skills and Services GmbH  Pastor-Loeh-Str.48
    D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
           Registered at Amtsgericht Duesseldorf: HRB 46611
               http://www.egenix.com/company/contact/