[Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

[Ian Cordasco]

On Mon, Dec 1, 2014 at 12:35 PM, Donald Stufft <donald at stufft.io> wrote:
>
>> On Dec 1, 2014, at 4:25 AM, holger krekel <holger at merlinux.eu> wrote:
>>
>> Hi Donald,
>>
>> On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote:
>>>> On Nov 13, 2014, at 9:21 PM, Donald Stufft <donald at stufft.io> wrote:
>>>>
>>>> Starting a new thread with more explicit details at Richard’s request.
>>>> Essentially the tl;dr here is that we'll switch to using sha2 (specifically
>>>> sha256).
>>>
>>> Ping?
>>>
>>> Are we OK to make this change?
>>
>> sorry i didn't get back earlier.  Before the minor release of devpi-server
>> last week i tried for two hours to change devpi-server to accomodate
>> your planned pypi.python.org checksum changes.
>>
>> I found the change cannot easily be done without changes to the underlying
>> database schema and thus needs a major new release of devpi-server because
>> an export/import cycle is needed.  When doing that i also want to do
>> some internal cleanup related to name normalization (and also relating
>> to recent pypi.python.org changes) but i need a week or two i guess to
>> do that.  However i now think that if you do the pypi.python.org checksum
>> change it shouldn't directly break devpi-server but it would remove
>> checksum checking.  I'd rather like to have a new major devpi-server
>> release out when you do the change.  Is it ok for you to wait a bit still?
>>
>> best,
>> holger
>
> Yes, we can wait a bit. I was just going over my TODO list and making sure
> things weren’t getting lost in the shuffle.
>
> ---
> Donald Stufft
> PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
>
> _______________________________________________
> Distutils-SIG maillist  -  Distutils-SIG at python.org
> https://mail.python.org/mailman/listinfo/distutils-sig

Holger,

Is there anyway people on this list can help with the updates to devpi
so that we can get this out sooner?

Cheers,
Ian