Chris Withers wrote: > On 18/07/2011 23:04, M.-A. Lemburg wrote: >> BTW: To address your repeatability/security concerns, the tools you are >> using would also have to store the hash check sum of the downloaded >> packages together with the version. AFAIK, buildout only pins down >> versions, not MD5/SHA1 sums. > > I'm pretty sure there's a hashing extension for buildout downloads.
You mean: an extension that allow pinning versions and hashes or just one that checks the downloads against the hashes provided by the index server (if it does) ? -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Jul 20 2011) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
