[Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

Donald Stufft donald at stufft.io
Mon Dec 1 19:35:27 CET 2014

> On Dec 1, 2014, at 4:25 AM, holger krekel <holger at merlinux.eu> wrote:
> Hi Donald,
> On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote:
>>> On Nov 13, 2014, at 9:21 PM, Donald Stufft <donald at stufft.io> wrote:
>>> Starting a new thread with more explicit details at Richard’s request.
>>> Essentially the tl;dr here is that we'll switch to using sha2 (specifically
>>> sha256).
>> Ping?
>> Are we OK to make this change?
> sorry i didn't get back earlier.  Before the minor release of devpi-server
> last week i tried for two hours to change devpi-server to accomodate
> your planned pypi.python.org checksum changes.
> I found the change cannot easily be done without changes to the underlying
> database schema and thus needs a major new release of devpi-server because
> an export/import cycle is needed.  When doing that i also want to do
> some internal cleanup related to name normalization (and also relating
> to recent pypi.python.org changes) but i need a week or two i guess to
> do that.  However i now think that if you do the pypi.python.org checksum
> change it shouldn't directly break devpi-server but it would remove 
> checksum checking.  I'd rather like to have a new major devpi-server 
> release out when you do the change.  Is it ok for you to wait a bit still?
> best,
> holger

Yes, we can wait a bit. I was just going over my TODO list and making sure
things weren’t getting lost in the shuffle.

Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

More information about the Distutils-SIG mailing list