Should I file a bug to eventually use hashlib for >= Python 2.5? Should I provide a patch which attempts to import hashlib and use it if available, but otherwise falls back on md5/sha1?
Some general confusion about what's going on in contrib.auth.models... There's 2 check_password methods in there. 1 in the global namespace and 1 in the User class. User.check_password is there mainly to check for an md5 password (by absence of a '$') and if it is an md5 password, it converts it to the sha1 password and passes handling to the global check_password. But set_password will only set a sha1 password. So why would the global check_password need to check if the algo is 'md5' if set_password could never use md5? Could Django remove the BC check prior to 1.0 to clean this up? I guess those applications that are in active use with real users this would be bad since the only way to migrate this to sha1 would be to know the actual password. Maybe I answered my own question. :) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Django developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/django-developers?hl=en -~----------~----~----~----~------~----~------~--~---
