[issue14280] packaging.pypi should not require checksums

Alexis Metaireau report at bugs.python.org
Thu Mar 15 17:33:14 CET 2012


Alexis Metaireau <alexis at notmyidea.org> added the comment:

If no MD5 checksum is present on the crawled simple index, then we don't have to check them. This means we introduce a potential security hole here (md5 checksums were added for a reason).

What could be done is to explicitly not check them if asked to. For instance, using a --no-checksum flag when running pysetup, or passing a no_checksum argument when using the crawler.

Would that work for you?

Éric, this is a different issue than the one you pointed out, in the sense that one is for local files and the other is for remote indexes. (Of course, local files will not need checksums either.)

----------

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue14280>
_______________________________________
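
The opt-out behaviour proposed in the comment above, sketched as an added example that is not part of the original message and not the packaging.pypi code. The function names, the return strings and the `#md5=` link-fragment parsing are assumptions of this sketch, as is its choice to still reject a mismatching digest when `no_checksum` is set; the sample link and data are constructed.

```python
import hashlib
from urllib.parse import urlsplit


class ChecksumError(Exception):
    """Raised when a download cannot be verified against the index."""


def expected_md5(link):
    """Return the hex digest from a '#md5=<hex>' link fragment, or None."""
    name, _, value = urlsplit(link).fragment.partition("=")
    if name.lower() == "md5" and value:
        return value.lower()
    return None


def verify_download(link, data, no_checksum=False):
    """Return 'verified' or 'skipped'; raise ChecksumError otherwise.

    no_checksum mirrors the argument suggested in the comment; this
    signature is hypothetical.
    """
    expected = expected_md5(link)
    if expected is None:
        if no_checksum:
            # The caller explicitly accepted an unverified download.
            return "skipped"
        # Fail closed: a missing digest is never skipped silently.
        raise ChecksumError("index published no md5 for %s" % link)
    actual = hashlib.md5(data).hexdigest()
    if actual != expected:
        # A published digest that does not match is always an error,
        # even when the opt-out is set (a choice made by this sketch).
        raise ChecksumError("md5 mismatch for %s" % link)
    return "verified"


# Constructed sample input: archive bytes and a simple-index style link.
SAMPLE_DATA = b"constructed archive bytes"
SAMPLE_LINK = ("https://index.example/simple/foo/foo-1.0.tar.gz#md5="
               + hashlib.md5(SAMPLE_DATA).hexdigest())

if __name__ == "__main__":
    print(verify_download(SAMPLE_LINK, SAMPLE_DATA))
    print(verify_download(SAMPLE_LINK.split("#")[0], SAMPLE_DATA,
                          no_checksum=True))
```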

