----- Original Message ----- > I would like to amend the spec. The hash column of RECORD should be > > 'sha256:' + urlsafe_b64encode(hashlib.sha256(data)) > > instead of the hopelessly obsolete md5. With a secure hash function, > you can digitally sign RECORD. >
Signing packages does sound interesting, but what authority would sign them? The authors of the packages themselves? > It would also make sense to allow RECORD to be omitted from RECORD. > _______________________________________________ > Distutils-SIG maillist - [email protected] > http://mail.python.org/mailman/listinfo/distutils-sig > -- Regards, Bohuslav "Slavek" Kabrda. _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
