[Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2
holger krekel
holger at merlinux.eu
Mon Dec 1 10:25:17 CET 2014
Hi Donald,
On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote:
> > On Nov 13, 2014, at 9:21 PM, Donald Stufft <donald at stufft.io> wrote:
> >
> > Starting a new thread with more explicit details at Richard’s request.
> > Essentially the tl;dr here is that we'll switch to using sha2 (specifically
> > sha256).
>
> Ping?
>
> Are we OK to make this change?
sorry i didn't get back earlier. Before the minor release of devpi-server
last week i tried for two hours to change devpi-server to accomodate
your planned pypi.python.org checksum changes.
I found the change cannot easily be done without changes to the underlying
database schema and thus needs a major new release of devpi-server because
an export/import cycle is needed. When doing that i also want to do
some internal cleanup related to name normalization (and also relating
to recent pypi.python.org changes) but i need a week or two i guess to
do that. However i now think that if you do the pypi.python.org checksum
change it shouldn't directly break devpi-server but it would remove
checksum checking. I'd rather like to have a new major devpi-server
release out when you do the change. Is it ok for you to wait a bit still?
best,
holger
More information about the Distutils-SIG
mailing list