[issue28555] provid also sha-1 and sha-256 also on download links
Benjamin Peterson
report at bugs.python.org
Tue Nov 8 18:22:44 EST 2016
Benjamin Peterson added the comment:
If python.org can be MITMed, it doesn't matter how secure the hash is.
On Tue, Nov 8, 2016, at 11:17, Big Stone wrote:
>
> Big Stone added the comment:
>
> I fear GPG is not easy stuff for Windows users.
>
> I fear a bunch of people on this network can circomvent DNS and make
> python.org points to the wrong place.
>
> sha-1 instead of md5 would have been an improvement.
>
> ----------
>
> _______________________________________
> Python tracker <report at bugs.python.org>
> <http://bugs.python.org/issue28555>
> _______________________________________
----------
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue28555>
_______________________________________
More information about the Python-bugs-list
mailing list