[Distutils] Proposal: drop md5 for sha256

Donald Stufft donald.stufft at gmail.com
Wed Jul 4 07:39:24 CEST 2012


On Tuesday, July 3, 2012 at 9:29 PM, Glyph wrote:
> 
> Or, you know, somebody could maintain the dang software and automate the process of producing these hashes.  I am slightly baffled by the tone of this thread, like the hash algorithm needs to be set in stone forever.  There's a reason that most software treats hashes as pluggable: new algorithms come out every few years, you have to expect that your choice will be obsoleted for some reason (not necessarily just security!) in the future.  Granted, there's no real security in this case, but why not use a hash algorithm with less probability of collision?
> 
I tend to agree wrt hashes, and I have an outstanding pull request against pip to make it treat hashes as pluggable at least ;)
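
A sketch of what "pluggable" hashes can look like for a download check, added here as an illustration; it is not code from the thread, from pip, or from the pull request mentioned above. It assumes the expected digest travels in the link as a `#<algorithm>=<hexdigest>` fragment; the `ALLOWED` policy, the function names and the example.invalid URL are hypothetical.

```python
import hashlib
import hmac
import io
from urllib.parse import urlsplit

# Assumed policy for this example: accepted algorithms, strongest first.
ALLOWED = ("sha512", "sha384", "sha256", "md5")


def parse_fragment(url):
    """Return (algorithm, hexdigest) from a link ending in '#<algorithm>=<hex>'."""
    frag = urlsplit(url).fragment
    name, sep, digest = frag.partition("=")
    name = name.lower()
    if not sep or name not in ALLOWED:
        raise ValueError("unsupported or missing hash fragment: %r" % frag)
    return name, digest.lower()


def verify(url, stream, minimum="md5", chunk=65536):
    """Hash the stream with the algorithm the link names.

    The algorithm is data, not code: moving to a new hash means editing
    ALLOWED and raising `minimum`, with no change to the verification path.
    """
    name, expected = parse_fragment(url)
    if ALLOWED.index(name) > ALLOWED.index(minimum):
        raise ValueError("%s is below the required minimum %s" % (name, minimum))
    h = hashlib.new(name)
    for block in iter(lambda: stream.read(chunk), b""):
        h.update(block)
    # Constant-time comparison of the two hex digests.
    return hmac.compare_digest(h.hexdigest().encode(), expected.encode())


def demo():
    """Run the check on constructed sample data (not a real package)."""
    payload = b"constructed sample archive bytes"
    base = "https://example.invalid/pkg-1.0.tar.gz#"
    new_link = base + "sha256=" + hashlib.sha256(payload).hexdigest()
    old_link = base + "md5=" + hashlib.md5(payload).hexdigest()
    results = [verify(new_link, io.BytesIO(payload), minimum="sha256"),
               verify(new_link, io.BytesIO(payload + b"!"), minimum="sha256"),
               verify(old_link, io.BytesIO(payload))]  # md5 still allowed by default
    return results


if __name__ == "__main__":
    print(demo())
```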