[Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

Sun Mar 8 20:27:28 CET 2015

Holger, has this happened yet?

> On Dec 1, 2014, at 4:23 PM, holger krekel <holger at merlinux.eu> wrote:
> 
> On Mon, Dec 01, 2014 at 12:45 -0600, Ian Cordasco wrote:
>> On Mon, Dec 1, 2014 at 12:35 PM, Donald Stufft <donald at stufft.io> wrote:
>>> 
>>>> On Dec 1, 2014, at 4:25 AM, holger krekel <holger at merlinux.eu> wrote:
>>>> 
>>>> Hi Donald,
>>>> 
>>>> On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote:
>>>>>> On Nov 13, 2014, at 9:21 PM, Donald Stufft <donald at stufft.io> wrote:
>>>>>> 
>>>>>> Starting a new thread with more explicit details at Richard’s request.
>>>>>> Essentially the tl;dr here is that we'll switch to using sha2 (specifically
>>>>>> sha256).
>>>>> 
>>>>> Ping?
>>>>> 
>>>>> Are we OK to make this change?
>>>> 
>>>> sorry i didn't get back earlier.  Before the minor release of devpi-server
>>>> last week i tried for two hours to change devpi-server to accomodate
>>>> your planned pypi.python.org checksum changes.
>>>> 
>>>> I found the change cannot easily be done without changes to the underlying
>>>> database schema and thus needs a major new release of devpi-server because
>>>> an export/import cycle is needed.  When doing that i also want to do
>>>> some internal cleanup related to name normalization (and also relating
>>>> to recent pypi.python.org changes) but i need a week or two i guess to
>>>> do that.  However i now think that if you do the pypi.python.org checksum
>>>> change it shouldn't directly break devpi-server but it would remove
>>>> checksum checking.  I'd rather like to have a new major devpi-server
>>>> release out when you do the change.  Is it ok for you to wait a bit still?
>>>> 
>>>> best,
>>>> holger
>>> 
>>> Yes, we can wait a bit. I was just going over my TODO list and making sure
>>> things weren’t getting lost in the shuffle.
>> 
>> Holger,
>> 
>> Is there anyway people on this list can help with the updates to devpi
>> so that we can get this out sooner?
> 
> Looking at devpi/server/devpi_server/extpypi.py and
> devpi/server/devpi_server/model.py mainly and changing most places
> where "md5" is found in the source and adapting related tests.
> 
> Is there a specific reason you are in a hurry if i may ask?
> 
> best,
> holger

---
Donald Stufft
PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.python.org/pipermail/distutils-sig/attachments/20150308/2d8234bf/attachment.sig>