[Distutils] add hash algorithm agility to RECORD

Daniel Holth dholth at gmail.com
Sat Sep 15 14:22:57 CEST 2012


OK. Making MD5 optional in RECORD doesn't seem to be very
controversial any more, and it will make life easier for an entire
class of systems that compile md5() to produce a crash instead of a
message digest. It will not lull anyone into a false sense of security
or degrade performance.

The edit now suggests the installer pick from one of
hashlib.algorithms_guaranteed, currently:

{'sha1', 'sha224', 'sha384', 'sha256', 'sha512', 'md5'}

All valid arguments to hashlib.new(). The hash value is now either
empty, the md5 hexdigest, or the name of the hash, followed by =,
followed by the urlsafe-b64encode-nopad (base64 with trailing =
removed) of the digest.

Does an uninstaller exist that checks the hashes during uninstall?

Daniel Holth
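
The hash field described in the message above, as an added example that is not part of the original post or of any installer's code: a writer and a checker for the three forms (empty, bare md5 hexdigest, `name=` followed by unpadded urlsafe base64). The function names `encode_hash` and `check_hash` and the exclusion of the variable-length `shake_*` algorithms are assumptions of this sketch.

```python
import base64
import hashlib
import hmac


def encode_hash(data, algorithm="sha256"):
    """Build a RECORD hash field: name, '=', urlsafe base64 of the digest
    with the trailing '=' padding removed."""
    digest = hashlib.new(algorithm, data).digest()
    b64 = base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")
    return algorithm + "=" + b64


def check_hash(data, field):
    """Check file content against a RECORD hash field.

    Returns None when the field is empty (nothing recorded, nothing verified),
    True/False when a hash is present. Raises ValueError for a malformed
    field or an algorithm outside hashlib.algorithms_guaranteed.
    """
    if field == "":
        return None
    if "=" not in field:
        # Legacy form: a bare md5 hexdigest (32 hex characters).
        if len(field) != 32:
            raise ValueError("bare hash value is not an md5 hexdigest")
        name, expected = "md5", bytes.fromhex(field)
    else:
        name, _, value = field.partition("=")
        # Assumption of this sketch: shake_* is skipped because its digest
        # length is not fixed, so digest() cannot be called without a size.
        if name not in hashlib.algorithms_guaranteed or name.startswith("shake"):
            raise ValueError("unsupported hash algorithm: %r" % name)
        # Restore the padding that was stripped when the field was written.
        expected = base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))
    # On builds where md5 is disabled, hashlib.new raises ValueError here.
    actual = hashlib.new(name, data).digest()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    sample = b"print('hello')\n"  # constructed file content
    field = encode_hash(sample, "sha256")
    print(field, check_hash(sample, field), check_hash(sample + b"#", field))
```

A caller that wants integrity checking has to treat the `None` result (empty field) as "unverified" rather than as a pass.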

