Am 30.01.2012 22:14, schrieb Chris Withers: > I'm fairly certain PyPI provides MD5 keys for the paranoid...
Indeed. Users wishing to make sure that the source code they manually reviewed stays the same should really record the md5 of the file, and verify that it is still the same file when downloading it again. It appears that buildout has mechanisms to hard-code the md5sum into the recipe. It would be desirable if other automatic download tools offered similar mechanisms. Regards, Martin _______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
