hi, I think the use of pgp is missing from that description.
- using the pgp signatures to verify files. This is already part of pypi... just not used by applications for verification... (I think?) Also, maybe md5 should be replaced with sha2 use? - md5 was broken as a useful hash for file integrity in 2004. See http://en.wikipedia.org/wiki/MD5 for details. SHA2 is the current replacement... but is aimed to be replaced itself. So pgp signatures are a better alternative. md5 is still better than nothing of course :) Just that using sha2 and signed files is better. cheers, On Fri, Sep 11, 2009 at 2:50 PM, Tarek Ziadé<[email protected]> wrote: > 2009/9/11 P.J. Eby <[email protected]>: >> >> The attribute already exists: rel="download" and rel="homepage"; if there's >> no 'rel' it's from the description. >> >> I'm rather surprised you don't know these things already, since they're all >> rather prominently documented as part of easy_install's "index API" here: >> >> http://peak.telecommunity.com/DevCenter/EasyInstall#package-index-api > > Because that's setuptools documentation, not PyPI's. > > Let's move this small section to docs.python.org if PyPI implements > it. (or a variation if Jim's specification differs) > > I propose to add a PyPI documentation page in distutils docs, > containing this specification, > unless Martin thinks it should be located somewhere else. > _______________________________________________ > Catalog-SIG mailing list > [email protected] > http://mail.python.org/mailman/listinfo/catalog-sig > _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
