New submission from Christian Heimes <li...@cheimes.de>:
The distutils upload command creates a MD5 digest of the file content. This is not compatible with systems with systems that run under a strict security policy that blocks MD5. Possible fixes are: * declare that the MD5 digest is not used for security. Security is provided by TLS/SSL and HTTPS. The digest is just a simple checksum to detect file corruption during upload. * Remove MD5 digest completely * Don't create a MD5 digest if ``hashlib.md5(content)`` fails * Skip the test case if MD5 is not available Does PyPI support other digests, e.g. SHA2-256 digest? ---------- components: Library (Lib) messages: 369442 nosy: christian.heimes priority: normal severity: normal status: open title: distutils.command.upload md5_digest type: behavior versions: Python 3.10, Python 3.9 _______________________________________ Python tracker <rep...@bugs.python.org> <https://bugs.python.org/issue40698> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
