[Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2
Donald Stufft
donald at stufft.io
Mon Dec 1 19:35:27 CET 2014
> On Dec 1, 2014, at 4:25 AM, holger krekel <holger at merlinux.eu> wrote:
>
> Hi Donald,
>
> On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote:
>>> On Nov 13, 2014, at 9:21 PM, Donald Stufft <donald at stufft.io> wrote:
>>>
>>> Starting a new thread with more explicit details at Richard’s request.
>>> Essentially the tl;dr here is that we'll switch to using sha2 (specifically
>>> sha256).
>>
>> Ping?
>>
>> Are we OK to make this change?
>
> sorry i didn't get back earlier. Before the minor release of devpi-server
> last week i tried for two hours to change devpi-server to accomodate
> your planned pypi.python.org checksum changes.
>
> I found the change cannot easily be done without changes to the underlying
> database schema and thus needs a major new release of devpi-server because
> an export/import cycle is needed. When doing that i also want to do
> some internal cleanup related to name normalization (and also relating
> to recent pypi.python.org changes) but i need a week or two i guess to
> do that. However i now think that if you do the pypi.python.org checksum
> change it shouldn't directly break devpi-server but it would remove
> checksum checking. I'd rather like to have a new major devpi-server
> release out when you do the change. Is it ok for you to wait a bit still?
>
> best,
> holger
Yes, we can wait a bit. I was just going over my TODO list and making sure
things weren’t getting lost in the shuffle.
---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
More information about the Distutils-SIG
mailing list