On Tuesday, July 3, 2012 at 9:29 PM, Glyph wrote: > > Or, you know, somebody could maintain the dang software and automate the > process of producing these hashes. I am slightly baffled by the tone of this > thread, like the hash algorithm needs to be set in stone forever. There's a > reason that most software treats hashes as pluggable: new algorithms come out > every few years, you have to expect that your choice will be obsoleted for > some reason (not necessarily just security!) in the future. Granted, there's > no real security in this case, but why not use a hash algorithm with less > probability of collision? > I tend to agree wrt to hashes and I have an outstanding pull request against pip to make it treat hashes as pluggable at least ;)
_______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig