On Fri, Mar 18, 2011 at 9:43 AM, Thomas Lotze <[email protected]> wrote: > Marius Gedminas wrote: > >> Please don't hardcode the checksum algorithm to MD5. Security researchers >> have been telling everyone to stop using MD5 (and SHA1) for a while now. > > Good point. All this talking about MD5 specifically has been due to the > fact that this is what used to be used by the download API and the > gocep.download recipe so far. To take up the idea I posted a few minutes > ago, one might specify checksums like this: > > [checksums] > foo = http://example.org/foo.tgz algorithm:checksum-value
+1 -- Benji York _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
