Unfortunately the whole signed mirror system falls down because it relies on md5 hashes (http://www.kb.cert.org/vuls/id/836068) although the signing key seems to be long enough. What would it take to get SHA-2 (or 3) added?
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
