IMHO the use of SHA1 in python-django-registration 0.7.2 is a security
issue waiting to happen.

The SHA1 hashes used in python-django-registration are publicly visible.
An attack against the SHA1 in python-django-registration would not need
a compromise of the database first, but can be performed against openly
available data.

With the deprecation of SHA1 in Django 1.4, the Django project has
fixed smaller security issues than the issues that arise from the use of
SHA1 in python-django-registration 0.7.2. So keeping
python-django-registration on version 0.7.2 would introduce quite an
Achilles-heel in the security of Django.

Winfried


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
