ugh it's late, that was meant to say but doesn't cover all situations (and neither does making things write only). But together things would be *a lot* more secure.
On Wednesday, February 1, 2012 at 4:30 AM, Donald Stufft wrote: > > > On Wednesday, February 1, 2012 at 4:20 AM, M.-A. Lemburg wrote: > > > Richard Jones wrote: > > > On 1 February 2012 19:36, Chris Withers <[email protected] > > > (mailto:[email protected])> wrote: > > > > If you actually cared about security, you'd already be using, recording > > > > and > > > > checking the MD5 checksums provided with each download and would already > > > > know that this isn't a security loophole. > > > > > > > > If you're not, then quit with the security theater. > > > > > > I believe the "security theater" of MD5 was proven, and exploits > > > freely available, back in 2005 :-) > > > > > > > > > Perhaps we ought to rename the thread to: "Proposal: add SHA hashes to > > distribution files", then :-) > > > > I'd be +1 on that since it does actually add security to PyPI. > This is a similar but doesn't also good thing to do. IMO it should be > sha256, (I would say sha512 but there are slowdown issues on older pythons). > > > > -- > > Marc-Andre Lemburg > > eGenix.com (http://eGenix.com) > > > > Professional Python Services directly from the Source (#1, Feb 01 2012) > > > > > Python/Zope Consulting and Support ... http://www.egenix.com/ > > > > > mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/ > > > > > mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/ > > > > > > > > > > > > > > > > ________________________________________________________________________ > > > > ::: Try our new mxODBC.Connect Python Database Interface for free ! :::: > > > > > > eGenix.com (http://eGenix.com) Software, Skills and Services GmbH > > Pastor-Loeh-Str.48 > > D-40764 Langenfeld, Germany. CEO Dipl.-Math. Marc-Andre Lemburg > > Registered at Amtsgericht Duesseldorf: HRB 46611 > > http://www.egenix.com/company/contact/ > > _______________________________________________ > > Catalog-SIG mailing list > > [email protected] (mailto:[email protected]) > > http://mail.python.org/mailman/listinfo/catalog-sig > > > > > > > >
_______________________________________________ Catalog-SIG mailing list [email protected] http://mail.python.org/mailman/listinfo/catalog-sig
