[Python-ideas] Using sha512 instead of md5 on python.org/downloads
solipsis at pitrou.net
Fri Dec 7 04:39:30 EST 2018
On Fri, 7 Dec 2018 09:53:04 +0100
Miro Hrončok <mhroncok at redhat.com> wrote:
> I see md5 checksums at a release download page such as .
> My idea is to switch to sha512 for a more reliable outcome.
> I'm no security expert, but AFAK md5 is generally believed to be unsafe,
> as it was repeatedly proven it can be vulnerable .
md5 is only used for a quick integrity check here (think of it as a
sophisticated checksum). For security you need to verify the
corresponding GPG signature.
More information about the Python-ideas