On Sat, Jul 16, 2011 at 6:58 AM, Martijn Faassen <[email protected]> wrote: > I wonder whether there are tooling solutions possible to detect this before > it's too late. A public log of what got removed would be useful so people > can keep an eye on things - but for this to be caught it would mean that the > log would need to include recreations as well.
Being a buildout user, if I were to tackle that I'd add something along the lines of SSH's warnings when a host fingerprint changes. I.e., require that package hashes be given (much like you can require that versions be specified) and check those on download. -- Benji York _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
