Richard Jones wrote: > On 1 February 2012 19:36, Chris Withers <[email protected]> wrote: >> If you actually cared about security, you'd already be using, recording and >> checking the MD5 checksums provided with each download and would already >> know that this isn't a security loophole. >> >> If you're not, then quit with the security theater. > > I believe the "security theater" of MD5 was proven, and exploits > freely available, back in 2005 :-)
Perhaps we ought to rename the thread to: "Proposal: add SHA hashes to distribution files", then :-) I'd be +1 on that since it does actually add security to PyPI. -- Marc-Andre Lemburg eGenix.com Professional Python Services directly from the Source (#1, Feb 01 2012) >>> Python/Zope Consulting and Support ... http://www.egenix.com/ >>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ >>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ ________________________________________________________________________ ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: eGenix.com Software, Skills and Services GmbH Pastor-Loeh-Str.48 D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg Registered at Amtsgericht Duesseldorf: HRB 46611 http://www.egenix.com/company/contact/ _______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
