[Python-ideas] Using sha512 instead of md5 on python.org/downloads
prometheus235 at gmail.com
Fri Dec 7 10:56:22 EST 2018
Devils advocate: it might complicate things for someone that needs to use
FIPS, where MD5 can be a pain to deal with.
On Fri, Dec 7, 2018 at 8:50 AM Devin Jeanpierre <jeanpierreda at gmail.com>
> On Fri, Dec 7, 2018 at 1:40 AM Antoine Pitrou <solipsis at pitrou.net> wrote:
>> md5 is only used for a quick integrity check here (think of it as a
>> sophisticated checksum). For security you need to verify the
>> corresponding GPG signature.
> More to the point: you're getting the hash from the same place as the
> binary. If one is vulnerable to modifications by attackers, both are. So it
> doesn't matter. The real defense most people are relying on is TLS.
> -- Devin
> Python-ideas mailing list
> Python-ideas at python.org
> Code of Conduct: http://python.org/psf/codeofconduct/
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Python-ideas