[issue36316] Provide SHA256 checksums for installers

2019-03-16 Thread Benjamin Peterson


Benjamin Peterson  added the comment:

MD5 isn't a security measure. It's provided for a quick check of integrity.

--
resolution:  -> wont fix
stage:  -> resolved
status: open -> closed

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36316] Provide SHA256 checksums for installers

2019-03-16 Thread SilentGhost


Change by SilentGhost :


--
nosy: +benjamin.peterson

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com



[issue36316] Provide SHA256 checksums for installers

2019-03-16 Thread fazl


New submission from fazl :

Python is widely used and should use more trustworthy checksums than MD5.

Even the successor to MD5 (SHA-1) was considered insecure in 2017. From 
https://nakedsecurity.sophos.com/2017/02/23/bang-sha-1-collides-at-38762cf7f55934b34d179ae6a4c80cadccbb7f0a/
 :

"For many years [...] MD5 was widely used [...] but it is now forbidden in the 
cryptographic world because [...] MD5 collisions are easy to generate on 
purpose, so the algorithm can no longer be trusted."

--
components: Installation
messages: 338083
nosy: fazl
priority: normal
severity: normal
status: open
title: Provide SHA256 checksums for installers
type: security
versions: Python 2.7, Python 3.7, Python 3.8

___
Python tracker 

___
___
Python-bugs-list mailing list
Unsubscribe: 
https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com