[Distutils] Migrating Hashes from MD5 to SHA256
Vinay Sajip
vinay_sajip at yahoo.co.uk
Sun Jul 28 14:31:55 CEST 2013
Donald Stufft <donald <at> stufft.io> writes:
> I'm going to go ahead and make this change unless someone comes out and
> contests moving PyPI to SHA256. I'll give it a bit to make sure no one does
> have an issue with the move.
Your proposal is a little light on specification, unless I've missed it. For
example:
* How exactly will download URLs change? One would assume they'd have a
fragment of 'sha256=...', where they currently have 'md5=...', but can you
confirm this?
* PyPI's XML-RPC API provides MD5 hashes in result dictionaries using a key
'md5_digest'. How will these result dictionaries change under your
proposal?
* PyPI's web interface has actions such as 'show_md5', will these stop
working? (By actions, I mean query strings such as ':action=show_md5'.)
Will new actions be added?
I'm not familiar with the change process for PyPI - what is the workflow?
For example, are patches posted for review?
Regards,
Vinay Sajip
More information about the Distutils-SIG
mailing list