On Fri, May 01, 2009 at 07:40:16PM -0700, Dan Price wrote: > Advice? I could downgrade to SHA1, but Darren has said that's bad. > I was trying to have good habits.
While SHA-1 may not be the best thing to use to checksum arbitrary data, the thing we're downloading has to pass through gzip, tar, and a full python compile process, and our own tests on top of that. Given all that, and the fact that the checksums you've hardcoded in setup.py may or may not be trustworthy in the first place makes me think that SHA-1 is just fine for this particular application. Danek _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
