Hey, On Sat, Jul 16, 2011 at 6:40 PM, Benji York <[email protected]> wrote: > On Sat, Jul 16, 2011 at 6:58 AM, Martijn Faassen <[email protected]> > wrote: >> I wonder whether there are tooling solutions possible to detect this before >> it's too late. A public log of what got removed would be useful so people >> can keep an eye on things - but for this to be caught it would mean that the >> log would need to include recreations as well. > > Being a buildout user, if I were to tackle that I'd add something along > the lines of SSH's warnings when a host fingerprint changes. I.e., > require that package hashes be given (much like you can require that > versions be specified) and check those on download.
Yes, for changes this would be possible (assuming hashes). Removals by themselves are another problem, though. Regards, Martijn _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
