On Apr 2, 2013, at 10:39 PM, holger krekel <hol...@merlinux.eu> wrote:
> On Tue, Apr 02, 2013 at 22:12 +0200, Christian Theune wrote:
>> Hi,
>>
>> when developing bandersnatch I saw some checksum errors for the
>> md5sums of downloaded package files that I didn't understand.
>> I just saw another one and just want to check back whether this is
>> true: I can go to PyPI, delete a package version, and upload a
>> different file later.
>>
>> True?
>
> it's certainly possible. Not sure if I even did something like
> this in my early days :)
>
>> This would explain that I can see a file that I downloaded
>> successfully changing its hash over time.
>
> would be cool if bandersnatch can handle this case.
> Maybe queue hash mismatches and only error out if the final
> file mismatches its hash or so?

It does that already: it performs a hash-check of existing files to
verify whether they are still intact. If they are not, then it logs a
warning (disguised as an error) and redownloads.

Whenever it downloads something that doesn't fit the advertised
checksum then it actually errors out (and never redistributes the file
to downstream clients).

Christian

--
Christian Theune · c...@gocept.com
gocept gmbh & co. kg · Forsterstraße 29 · 06112 Halle (Saale) · Germany
http://gocept.com · Tel +49 345 1229889-7
Python, Pyramid, Plone, Zope · consulting, development, hosting, operations
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
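The mirror behaviour described in the reply above, as an added Python sketch (not bandersnatch's own code, and not written by anyone in this thread): an existing file that fails its hash check is logged and re-downloaded, and a fresh download that fails the advertised checksum raises and is never moved into the served directory. `sync_file`, `fetch`, `ChecksumMismatch` and the sample file contents are hypothetical names and constructed data; leaving the old copy in place on failure is an assumption.

```python
import hashlib
import logging
import os
import tempfile

log = logging.getLogger("mirror-example")

class ChecksumMismatch(Exception):
    """A fresh download does not match the advertised checksum."""

def md5_of(path):
    # MD5 only because that is the checksum discussed in the thread.
    with open(path, "rb") as f:
        return hashlib.md5(f.read()).hexdigest()

def sync_file(target, advertised_md5, fetch):
    """Hypothetical helper; fetch() returns the file's bytes from the index."""
    if os.path.exists(target):
        if md5_of(target) == advertised_md5:
            return "kept"
        # Existing copy no longer matches (e.g. deleted and re-uploaded upstream).
        log.warning("%s does not match advertised md5, re-downloading", target)
    # Stage in the same directory so the final rename stays on one filesystem.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(target) or ".")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(fetch())
        if md5_of(tmp) != advertised_md5:
            # Never publish bytes that fail verification.
            raise ChecksumMismatch(target)
        os.replace(tmp, target)  # atomic: clients see old or new, never partial
        return "downloaded"
    finally:
        if os.path.exists(tmp):
            os.unlink(tmp)  # discard a rejected or interrupted download

def demo():
    """Constructed scenario: a release file is deleted and re-uploaded."""
    v1, v2 = b"first upload", b"re-uploaded file"
    md5 = lambda b: hashlib.md5(b).hexdigest()
    path = os.path.join(tempfile.mkdtemp(), "pkg-1.0.tar.gz")
    out = [sync_file(path, md5(v1), lambda: v1)]      # nothing on disk yet
    out.append(sync_file(path, md5(v1), lambda: v1))  # intact copy is kept
    out.append(sync_file(path, md5(v2), lambda: v2))  # upstream file changed
    try:
        sync_file(path, md5(v1), lambda: v2)  # served bytes != advertised md5
    except ChecksumMismatch:
        out.append("error")
    return out + [sorted(os.listdir(os.path.dirname(path)))]
```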