Chris White wrote:
Well, the problem that occurs here is the verification process. With MD5, you
can hit most upstream sites, and they'll have an MD5SUM avaliable that you
can authenticate against.
Well if you care enough to verify this, you can easily create an md5sum
of the fetched distfil
On Thursday 21 September 2006 08:54, Hanno Böck wrote:
> I think sha256/512 is the only thing that makes sense at the moment, as it
> most probably will stay secure for quite a while and we don't have real
> alternatives. So imho use sha256, get rid of everything else, because that
> rarely improve
Am Donnerstag, 21. September 2006 16:49 schrieb Vlastimil Babka:
> Although the "more secure than MD5" part is now questionable, I suppose
> the "directly available in python" part still holds?
From "What's new in python 2.5"
13.3 The hashlib package
A new hashlib module, written by Gregory P.
On Thursday 21 September 2006 10:49, Vlastimil Babka wrote:
> GLEP 44 says:
touche
-mike
pgpy7mqcfngBq.pgp
Description: PGP signature
Mike Frysinger wrote:
ok, but it just seems silly to go cutting MD5 but leaving SHA1 ... if we're
going to be leaving an insecure format, we might as well keep the one that is
a virtual standard in and of itself (MD5)
-mike
GLEP 44 says:
For compability though we have to rely on at least one
On Thursday 21 September 2006 10:00, Brian Harring wrote:
> On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote:
> > On Thursday 21 September 2006 09:34, Marius Mauch wrote:
> > > Manifest2 records do not contain a MD5 checksum. The only guaranteed
> > > checksum type there is SHA1. So o
On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote:
> On Thursday 21 September 2006 09:34, Marius Mauch wrote:
> > Manifest2 records do not contain a MD5 checksum. The only guaranteed
> > checksum type there is SHA1. So once manifest1 is phased out the tree
> > will not contain MD5 chec
On Thursday 21 September 2006 09:34, Marius Mauch wrote:
> Manifest2 records do not contain a MD5 checksum. The only guaranteed
> checksum type there is SHA1. So once manifest1 is phased out the tree
> will not contain MD5 checksums anymore.
by "guaranteed" do you mean "guaranteed to be in the rec
Ferringb recently told me that this info apparently wasn't
mentioned explicit enough in Glep 44:
Manifest2 records do not contain a MD5 checksum. The only guaranteed
checksum type there is SHA1. So once manifest1 is phased out the tree
will not contain MD5 checksums anymore.
This is just a remind
