[Distutils] Migrating Hashes from MD5 to SHA256
Donald Stufft
donald at stufft.io
Sat Jul 27 19:32:25 CEST 2013
On Jul 27, 2013, at 1:25 PM, Antoine Pitrou <solipsis at pitrou.net> wrote:
> If your assertion were true ("Most people will use the setuptools
> bundled with virtualenv"), then the setuptools download numbers
> would be minuscule. The actual numbers show it to be untrue.
> Whether or not they are directly comparable isn't important: the
> orders are magnitude are sufficiently eloquent.
>
>> It's impossible to know for sure how it'll be gotten but my gut is
>> that most people use whatever is default inside of virtualenv
>> because that's how almost everyone i've seen who uses virtualenv
>> does it unless they have special needs.
>
> Perhaps you don't realize that many people don't use virtualenv at all,
> so they simply cannot use virtualenv's setuptools, either. Which is
> perfectly compatible with those download numbers, unlike your original
> assertion.
>
I don't think any claim can be made about the relative use between the
two tools by looking at the download counts because their typical use is
generally very different. But sure you're right whatever does that make
you feel better?
Are you trying to claim we shouldn't move to a stronger hash?
-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130727/2785f4cf/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20130727/2785f4cf/attachment-0001.pgp>
More information about the Distutils-SIG
mailing list