[Distutils] Proposal: drop md5 for sha256

Bohuslav Kabrda bkabrda at redhat.com
Tue Jul 3 09:42:09 CEST 2012


----- Original Message -----
> I would like to amend the spec. The hash column of RECORD should be
> 
> 'sha256:' + urlsafe_b64encode(hashlib.sha256(data))
> 
> instead of the hopelessly obsolete md5. With a secure hash function,
> you can digitally sign RECORD.
> 

Signing packages does sound interesting, but what authority would sign them? The authors of the packages themselves?

> It would also make sense to allow RECORD to be omitted from RECORD.

-- 
Regards,
Bohuslav "Slavek" Kabrda.
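
The hash column proposed in the quoted message, together with leaving RECORD out of its own listing, as an added example that is not part of the original thread. The `path,hash,size` CSV row layout, the `RECORD_NAME` path, the function names and the retained base64 padding are assumptions; the message specifies only the `'sha256:' + urlsafe_b64encode(...)` form.

```python
import base64
import csv
import hashlib
import io

RECORD_NAME = "pkg-1.0.dist-info/RECORD"  # hypothetical path, assumed for the example


def record_hash(data: bytes) -> str:
    """Hash column value in the format proposed in the quoted message."""
    digest = hashlib.sha256(data).digest()  # raw 32 bytes, not the hash object
    return "sha256:" + base64.urlsafe_b64encode(digest).decode("ascii")


def build_record(files: dict) -> str:
    """Emit one path,hash,size row per file; RECORD itself gets no row."""
    out = io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for path in sorted(files):
        if path != RECORD_NAME:
            writer.writerow([path, record_hash(files[path]), len(files[path])])
    return out.getvalue()


def verify_record(record_text: str, files: dict) -> list:
    """Return a sorted list of problems; an empty list means the tree matches."""
    problems = []
    listed = set()
    for path, hash_value, size in csv.reader(io.StringIO(record_text)):
        listed.add(path)
        data = files.get(path)
        if data is None:
            problems.append(f"missing: {path}")
        elif not hash_value.startswith("sha256:"):
            problems.append(f"weak or unknown hash: {path}")
        elif hash_value != record_hash(data) or int(size) != len(data):
            problems.append(f"mismatch: {path}")
    # Files on disk that RECORD does not cover (RECORD itself is exempt).
    for path in files.keys() - listed - {RECORD_NAME}:
        problems.append(f"unlisted: {path}")
    return sorted(problems)


# Constructed sample tree, not taken from a real package.
SAMPLE = {
    "pkg/__init__.py": b"",
    "pkg/core.py": b"def run():\n    return 42\n",
}
SAMPLE_RECORD = build_record(SAMPLE)
```

If RECORD is then signed, the signature covers every listed file through these digests, which is why RECORD cannot carry a hash of itself.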

