[New-bugs-announce] [issue40698] distutils.command.upload md5_digest

Christian Heimes report at bugs.python.org
Wed May 20 07:32:43 EDT 2020


New submission from Christian Heimes <lists at cheimes.de>:

The distutils upload command creates an MD5 digest of the file content. This is not compatible with systems that run under a strict security policy that blocks MD5.

Possible fixes are:

* declare that the MD5 digest is not used for security. Security is provided by TLS/SSL and HTTPS. The digest is just a simple checksum to detect file corruption during upload.
* Remove MD5 digest completely
* Don't create an MD5 digest if ``hashlib.md5(content)`` fails
* Skip the test case if MD5 is not available

Does PyPI support other digests, e.g. SHA2-256 digest?

----------
components: Library (Lib)
messages: 369442
nosy: christian.heimes
priority: normal
severity: normal
status: open
title: distutils.command.upload md5_digest
type: behavior
versions: Python 3.10, Python 3.9

_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue40698>
_______________________________________
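
Two of the fixes proposed in the message above (treating the MD5 digest as a non-security checksum, and omitting it when `hashlib.md5` fails) can be combined as in the following added example, which is not code from distutils or from the original report. The names `upload_digests` and `blocked_md5` and the `sha256_digest` field name are assumptions made for illustration; `usedforsecurity` is the `hashlib` keyword available from Python 3.9.

```python
import hashlib


def _md5_checksum(content, md5_factory=hashlib.md5):
    """Return the MD5 hex digest, or None if the platform refuses MD5."""
    try:
        # Python 3.9+: flag the digest as a plain corruption checksum so a
        # strict crypto policy may still allow it.
        return md5_factory(content, usedforsecurity=False).hexdigest()
    except TypeError:
        # Older interpreters do not accept the keyword; retry without it.
        try:
            return md5_factory(content).hexdigest()
        except ValueError:
            return None
    except ValueError:
        # MD5 is blocked outright by the security policy: skip the field.
        return None


def upload_digests(content, md5_factory=hashlib.md5):
    """Build digest fields for an upload request (hypothetical helper)."""
    # "sha256_digest" is an assumed field name, not taken from the report.
    fields = {"sha256_digest": hashlib.sha256(content).hexdigest()}
    md5 = _md5_checksum(content, md5_factory)
    if md5 is not None:
        fields["md5_digest"] = md5
    return fields


def blocked_md5(*args, **kwargs):
    """Constructed stand-in for a hashlib.md5 that policy has disabled."""
    raise ValueError("md5 disabled by security policy (constructed error)")


if __name__ == "__main__":
    sample = b"constructed sample package bytes"
    print(upload_digests(sample))                           # both digests
    print(upload_digests(sample, md5_factory=blocked_md5))  # SHA-256 only
```

Passing `blocked_md5` as the factory reproduces the strict-policy case without needing such a system: the request data is still built, only without the `md5_digest` field.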

