Holger, has this happened yet? > On Dec 1, 2014, at 4:23 PM, holger krekel <hol...@merlinux.eu> wrote: > > On Mon, Dec 01, 2014 at 12:45 -0600, Ian Cordasco wrote: >> On Mon, Dec 1, 2014 at 12:35 PM, Donald Stufft <don...@stufft.io> wrote: >>> >>>> On Dec 1, 2014, at 4:25 AM, holger krekel <hol...@merlinux.eu> wrote: >>>> >>>> Hi Donald, >>>> >>>> On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote: >>>>>> On Nov 13, 2014, at 9:21 PM, Donald Stufft <don...@stufft.io> wrote: >>>>>> >>>>>> Starting a new thread with more explicit details at Richard’s request. >>>>>> Essentially the tl;dr here is that we'll switch to using sha2 >>>>>> (specifically >>>>>> sha256). >>>>> >>>>> Ping? >>>>> >>>>> Are we OK to make this change? >>>> >>>> sorry i didn't get back earlier. Before the minor release of devpi-server >>>> last week i tried for two hours to change devpi-server to accomodate >>>> your planned pypi.python.org checksum changes. >>>> >>>> I found the change cannot easily be done without changes to the underlying >>>> database schema and thus needs a major new release of devpi-server because >>>> an export/import cycle is needed. When doing that i also want to do >>>> some internal cleanup related to name normalization (and also relating >>>> to recent pypi.python.org changes) but i need a week or two i guess to >>>> do that. However i now think that if you do the pypi.python.org checksum >>>> change it shouldn't directly break devpi-server but it would remove >>>> checksum checking. I'd rather like to have a new major devpi-server >>>> release out when you do the change. Is it ok for you to wait a bit still? >>>> >>>> best, >>>> holger >>> >>> Yes, we can wait a bit. I was just going over my TODO list and making sure >>> things weren’t getting lost in the shuffle. >> >> Holger, >> >> Is there anyway people on this list can help with the updates to devpi >> so that we can get this out sooner? > > Looking at devpi/server/devpi_server/extpypi.py and > devpi/server/devpi_server/model.py mainly and changing most places > where "md5" is found in the source and adapting related tests. > > Is there a specific reason you are in a hurry if i may ask? > > best, > holger
--- Donald Stufft PGP: 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
