[Python-ideas] Using sha512 instead of md5 on python.org/downloads
Antoine Pitrou
solipsis at pitrou.net
Sat Dec 8 11:54:31 EST 2018
On Fri, 7 Dec 2018 11:54:59 -0800
Devin Jeanpierre <jeanpierreda at gmail.com>
wrote:
> On Fri, Dec 7, 2018 at 10:48 AM Antoine Pitrou <solipsis at pitrou.net> wrote:
>
> > If the site is vulnerable to modifications, then TLS doesn't help.
> > Again: you must verify the GPG signatures (since they are produced by
> > the release manager's private key, which is *not* stored on the
> > python.org Web site).
>
> This is missing the point.
Why do you think I missed anything here?
Regards
Antoine.
More information about the Python-ideas
mailing list