On Jul 3, 2012, at 5:50 PM, PJ Eby <p...@telecommunity.com> wrote:
> Otherwise, we will have this exact same problem all over again when the
> replacement "secure" hash is disabled by a newer version of FIPS.

Or, you know, somebody could maintain the dang software and automate the
process of producing these hashes. I am slightly baffled by the tone of this
thread, like the hash algorithm needs to be set in stone forever. There's a
reason that most software treats hashes as pluggable: new algorithms come out
every few years, you have to expect that your choice will be obsoleted for some
reason (not necessarily just security!) in the future. Granted, there's no
real security in this case, but why not use a hash algorithm with less
probability of collision?
-glyph
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig
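
The pluggable-hash approach discussed in the message above, as an added example that is not part of the original e-mail or of any distutils code: digests are published per algorithm, and the verifier uses the most preferred one the local crypto policy still allows. The function names, the preference order and the sample bytes are assumptions made for this illustration.

```python
import hashlib
import hmac

# Preference order, most preferred first (an assumption for this example).
PREFERENCE = ("sha512", "sha256", "sha1", "md5")


def usable(name):
    """True if this interpreter can actually construct the named hash."""
    try:
        hashlib.new(name)
        return True
    except ValueError:
        # Unknown name, or an algorithm the local crypto policy refuses.
        return False


def make_digests(data, algorithms=PREFERENCE):
    """Automate publishing: one hex digest per algorithm usable here."""
    return {n: hashlib.new(n, data).hexdigest() for n in algorithms if usable(n)}


def verify(data, published, is_usable=usable):
    """Check data against the most preferred published digest we can compute.

    Returns the algorithm name that matched. Raises ValueError on a
    mismatch, or when none of the published algorithms is usable.
    """
    for name in PREFERENCE:
        if name in published and is_usable(name):
            actual = hashlib.new(name, data).hexdigest()
            if hmac.compare_digest(actual, published[name].lower()):
                return name
            raise ValueError("%s digest mismatch" % name)
    raise ValueError("no usable algorithm among: %s" % sorted(published))


if __name__ == "__main__":
    sample = b"constructed sample archive bytes"  # constructed input
    digests = make_digests(sample)
    print("published:", sorted(digests))
    print("verified with:", verify(sample, digests))
```

Passing a custom `is_usable` lets you simulate a policy that disables one algorithm without changing the host configuration.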