[Distutils] New buildout options: checksums and allow-omitted-checksums

Marius Gedminas marius at pov.lt
Wed Mar 23 18:43:47 CET 2011

On Tue, Mar 22, 2011 at 12:51:35PM +1300, Greg Ewing wrote:
> Thomas Lotze wrote:
> >After some further offline discussion, I'd like to suggest using MD5 as
> >the default algorithm, though.
> Warnings against using md5 are mainly about cryptographic
> security, aren't they? For just detecting accidental
> corruption it should still be good enough.

Yes, that's my understanding too.

(My only point for raising this was to consider a future-proof syntax for
specifying the checksums, so that we're not locked in the past when the
world moves on.)

Marius Gedminas
At most companies, programmers aren't trusted with words that a user might
actually see (and for good reason, much of the time).
		-- Joel Spolski
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: Digital signature
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20110323/efadfd33/attachment.pgp>

More information about the Distutils-SIG mailing list