[Distutils] New buildout options: checksums and allow-omitted-checksums

Benji York benji at benjiyork.com
Fri Mar 18 14:47:50 CET 2011


On Fri, Mar 18, 2011 at 9:43 AM, Thomas Lotze <thomas at thomas-lotze.de> wrote:
> Marius Gedminas wrote:
>
>> Please don't hardcode the checksum algorithm to MD5.  Security researchers
>> have been telling everyone to stop using MD5 (and SHA1) for a while now.
>
> Good point. All this talking about MD5 specifically has been due to the
> fact that this is what used to be used by the download API and the
> gocept.download recipe so far. To take up the idea I posted a few minutes
> ago, one might specify checksums like this:
>
> [checksums]
> foo = http://example.org/foo.tgz algorithm:checksum-value

+1

-- 
Benji York
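
One way the `algorithm:checksum-value` form quoted above could be parsed and checked, added here as an illustration and not buildout's own code. The function names, the allowed-algorithm set and the sample data are assumptions of this example.

```python
import configparser
import hashlib
import hmac

# Assumption of this example: only these algorithms are accepted, so an
# md5: or sha1: entry is rejected instead of being silently trusted.
ALLOWED = {"sha256", "sha384", "sha512"}

# Constructed sample download and a matching [checksums] section.
SAMPLE_DATA = b"constructed archive bytes\n"
SAMPLE_CFG = (
    "[checksums]\n"
    "foo = http://example.org/foo.tgz sha256:%s\n"
    % hashlib.sha256(SAMPLE_DATA).hexdigest()
)


def parse_checksums(text, allowed=ALLOWED):
    """Return {name: (url, algorithm, digest_bytes)} from a [checksums] section."""
    # interpolation=None so a '%' in a URL is not treated as a substitution.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    entries = {}
    for name, value in parser.items("checksums"):
        parts = value.split()
        if len(parts) != 2 or ":" not in parts[1]:
            raise ValueError("%s: expected 'URL algorithm:checksum-value'" % name)
        url, spec = parts
        algorithm, _, hexdigest = spec.partition(":")
        algorithm = algorithm.lower()
        if algorithm not in allowed:
            raise ValueError("%s: algorithm %r is not allowed" % (name, algorithm))
        digest = bytes.fromhex(hexdigest)  # ValueError on non-hex input
        if len(digest) != hashlib.new(algorithm).digest_size:
            raise ValueError("%s: wrong digest length for %s" % (name, algorithm))
        entries[name] = (url, algorithm, digest)
    return entries


def verify(data, algorithm, expected):
    """True if the digest of data matches expected (constant-time compare)."""
    return hmac.compare_digest(hashlib.new(algorithm, data).digest(), expected)


if __name__ == "__main__":
    url, algorithm, digest = parse_checksums(SAMPLE_CFG)["foo"]
    print(url, algorithm, verify(SAMPLE_DATA, algorithm, digest))
```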

