[Python-ideas] Using sha512 instead of md5 on python.org/downloads

Antoine Pitrou solipsis at pitrou.net
Sat Dec 8 11:54:31 EST 2018

On Fri, 7 Dec 2018 11:54:59 -0800
Devin Jeanpierre <jeanpierreda at gmail.com>
> On Fri, Dec 7, 2018 at 10:48 AM Antoine Pitrou <solipsis at pitrou.net> wrote:
> > If the site is vulnerable to modifications, then TLS doesn't help.
> > Again: you must verify the GPG signatures (since they are produced by
> > the release manager's private key, which is *not* stored on the
> > python.org Web site).
> This is missing the point.

Why do you think I missed anything here?



More information about the Python-ideas mailing list