[Catalog-sig] an immutable mirror of PyPI
M.-A. Lemburg
mal at egenix.com
Wed Jul 20 10:54:00 CEST 2011
Chris Withers wrote:
> On 18/07/2011 23:04, M.-A. Lemburg wrote:
>> BTW: To address your repeatability/security concerns, the tools you are
>> using would also have to store the hash check sum of the downloaded
>> packages together with the version. AFAIK, buildout only pins down
>> versions, not MD5/SHA1 sums.
>
> I'm pretty sure there's a hashing extension for buildout downloads.
You mean: an extension that allow pinning versions and hashes or
just one that checks the downloads against the hashes provided by
the index server (if it does) ?
--
Marc-Andre Lemburg
eGenix.com
Professional Python Services directly from the Source (#1, Jul 20 2011)
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
________________________________________________________________________
::: Try our new mxODBC.Connect Python Database Interface for free ! ::::
eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48
D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg
Registered at Amtsgericht Duesseldorf: HRB 46611
http://www.egenix.com/company/contact/
More information about the Catalog-SIG
mailing list