[New-bugs-announce] [issue36316] Provide SHA256 checksums for installers

fazl report at bugs.python.org
Sat Mar 16 09:18:34 EDT 2019


New submission from fazl <fazjobs at gmail.com>:

Python is widely used and should use more trustworthy checksums than MD5.

Even the successor to MD5 (SHA-1) was considered insecure in 2017. From https://nakedsecurity.sophos.com/2017/02/23/bang-sha-1-collides-at-38762cf7f55934b34d179ae6a4c80cadccbb7f0a/ :

"For many years [...] MD5 was widely used [...] but it is now forbidden in the cryptographic world because [...] MD5 collisions are easy to generate on purpose, so the algorithm can no longer be trusted."

----------
components: Installation
messages: 338083
nosy: fazl
priority: normal
severity: normal
status: open
title: Provide SHA256 checksums for installers
type: security
versions: Python 2.7, Python 3.7, Python 3.8

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue36316>
_______________________________________


More information about the New-bugs-announce mailing list