At Tue, 3 Jul 2012 10:32:43 -0400, PJ Eby wrote: > > On Tue, Jul 3, 2012 at 8:48 AM, Jeroen Dekkers <[email protected]> wrote: > > > And yes, attacks on md5 will only get better, so we should migrate to > > better hashes in the future. > > > No, because that's not what the RECORD hashes are for. It's not an > intrusion detection system, it's an installer conflict and "oops I edited > the wrong file" checker.
Sorry for not being clear, but I totally agree. I was replying to the md5 on PyPI are embarrassing part and meant that we should migrate to use better hashes on PyPI in the future. Jeroen Dekkers _______________________________________________ Distutils-SIG maillist - [email protected] http://mail.python.org/mailman/listinfo/distutils-sig
