Quoting Daniel Holth <[email protected]>:

> Unfortunately the whole signed mirror system falls down because it relies
> on md5 hashes (http://www.kb.cert.org/vuls/id/836068) although the signing
> key seems to be long enough.

You are misinterpreting the vulnerability. It does not apply to the
way in which md5 is used in PyPI.

So the system in no way "falls down".

Regards,
Martin


_______________________________________________
Catalog-SIG mailing list
[email protected]
http://mail.python.org/mailman/listinfo/catalog-sig
