Re: PEP 376

2009-07-05 Thread Lawrence D'Oliveiro
In message , Charles Yeomans wrote: > On the contrary, MD5 was intended to be a cryptographic hash function, > not a checksum. Just like MD4 and MD2 before it. They have long since been considered worthless, and now MD5 has joined them. -- http://mail.python.org/mailman/listinfo/python-list

Re: PEP 376

2009-07-03 Thread Tarek Ziadé
Ok here's my proposal for the checksum:
- I'll add the "hash_type:" suffix in the record file
- install will get a new option to define what hash should be used when writing the RECORD file
  it will default to SHA1 for 2.7/3.2
- pkgutil, that reads the RECORD files, will pick the right hash fu

Re: PEP 376

2009-07-02 Thread Charles Yeomans
On Jul 2, 2009, at 1:37 PM, Lie Ryan wrote: Joachim Strömbergson wrote: Aloha! Tarek Ziadé wrote: The prefix is a good idea but since it's just a checksum to control that the file hasn't changed what's wrong with using a weak hash algorithm like md5 or now sha1 ? Because it creates a depen

Re: PEP 376

2009-07-02 Thread Lie Ryan
Joachim Strömbergson wrote: > Aloha! > > Tarek Ziadé wrote: >> The prefix is a good idea but since it's just a checksum to control >> that the file hasn't changed >> what's wrong with using a weak hash algorithm like md5 or now sha1 ? > > Because it creates a dependency to an old algorithm that s

Re: PEP 376

2009-07-02 Thread Joachim Strömbergson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aloha! Tarek Ziadé wrote: > The prefix is a good idea but since it's just a checksum to control > that the file hasn't changed > what's wrong with using a weak hash algorithm like md5 or now sha1 ? Because it creates a dependency to an old algorithm

Re: PEP 376

2009-07-02 Thread Tarek Ziadé
2009/7/2 Joachim Strömbergson : > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Aloha! > > Richard Brodie wrote: >> "Joachim Strömbergson" wrote in message >> news:mailman.2422.1246418400.8015.python-l...@python.org... >> >>> Even so, choosing md5 in 2009 for something that (hopefully) will

Re: PEP 376

2009-07-02 Thread Joachim Strömbergson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aloha! Richard Brodie wrote: > "Joachim Strömbergson" wrote in message > news:mailman.2422.1246418400.8015.python-l...@python.org... > >> Even so, choosing md5 in 2009 for something that (hopefully) will be >> used in years is a bad design decision

Re: PEP 376

2009-07-01 Thread Paul Rubin
"Richard Brodie" writes: > Why not write the field as algorithm:value? > e.g. sha1:8590b685654367e3eba70dc00df7e45e88c21da4 This is reasonable, though I would deprecate md5 and sha1 already, and start with sha256.

Re: PEP 376

2009-07-01 Thread Richard Brodie
"Joachim Strömbergson" wrote in message news:mailman.2422.1246418400.8015.python-l...@python.org... > Even so, choosing md5 in 2009 for something that (hopefully) will be > used in years is a bad design decision. It creates a dependency to > an algorithm that all sensible recommendations po

Re: PEP 376

2009-07-01 Thread Paul Rubin
Joachim Strömbergson writes: > http://docs.python.org/library/hashlib.html > I would suggest to use the SHA-256 in the library. I agree with this. We should even move towards supporting x509 and/or gpg signatures in eggs, similar to signed .jar files.

Re: PEP 376

2009-06-30 Thread Joachim Strömbergson
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Aloha! Carl Banks wrote: > On Jun 30, 5:55 pm, Lawrence D'Oliveiro wrote: >> In message , Tarek >> >> Ziadé wrote: >>> I would like to propose this PEP for inclusion into Python 2.7 / 3.2 >>> http://www.python.org/dev/peps/pe

Re: PEP 376

2009-06-30 Thread Scott David Daniels
Carl Banks wrote: On Jun 30, 5:55 pm, Lawrence D'Oliveiro wrote: In message , Tarek Ziadé wrote: I would like to propose this PEP for inclusion into Python 2.7 / 3.2 http://www.python.org/dev/peps/pep-0376/ Why are you using MD5? I doubt it's the design aim for eggs to be cryptographically

Re: PEP 376

2009-06-30 Thread Carl Banks
On Jun 30, 5:55 pm, Lawrence D'Oliveiro wrote: > In message , Tarek > > Ziadé wrote: > > I would like to propose this PEP for inclusion into Python 2.7 / 3.2 > > >http://www.python.org/dev/peps/pep-0376/ > > Why are you using MD5? I doubt it's the design aim for eggs to be cryptographically secur

Re: PEP 376

2009-06-30 Thread Lawrence D'Oliveiro
In message , Tarek Ziadé wrote: > I would like to propose this PEP for inclusion into Python 2.7 / 3.2 > > http://www.python.org/dev/peps/pep-0376/ Why are you using MD5?

Re: PEP 376

2009-06-30 Thread Tarek Ziadé
On Wed, Jul 1, 2009 at 12:52 AM, Carl Banks wrote: > On Jun 30, 12:41 pm, Tarek Ziadé wrote: >> Hello, >> >> I would like to propose this PEP for inclusion into Python 2.7 / 3.2 >> >> http://www.python.org/dev/peps/pep-0376/ >> >> It has been discussed a lot already in the distutils-SIG, but new >

Re: PEP 376

2009-06-30 Thread Carl Banks
On Jun 30, 12:41 pm, Tarek Ziadé wrote: > Hello, > > I would like to propose this PEP for inclusion into Python 2.7 / 3.2 > > http://www.python.org/dev/peps/pep-0376/ > > It has been discussed a lot already in the distutils-SIG, but new > feedback is welcome > > there's an implementation prototy

PEP 376

2009-06-30 Thread Tarek Ziadé
Hello, I would like to propose this PEP for inclusion into Python 2.7 / 3.2 http://www.python.org/dev/peps/pep-0376/ It has been discussed a lot already in the distutils-SIG, but new feedback is welcome there's an implementation prototype here : http://bitbucket.org/tarek/pep376/src/tip/pkgut