OK. Making MD5 optional in RECORD doesn't seem to be very
controversial any more, and it will make life easier for an entire
class of systems that compile md5() to produce a crash instead of a
message digest. It will not lull anyone into a false sense of security
or degrade performance.
The edit now suggests the installer pick from one of
hashlib.algorithms_guaranteed, currently:
{'sha1', 'sha224', 'sha384', 'sha256', 'sha512', 'md5'}
All valid arguments to hashlib.new(). The hash value is now either
empty, the md5 hexdigest, or the name of the hash, followed by =,
followed by the urlsafe-b64encode-nopad (base64 with trailing =
removed) of the digest.
Does an uninstaller exist that checks the hashes during uninstall?
Daniel Holth
_______________________________________________
Distutils-SIG maillist - [email protected]
http://mail.python.org/mailman/listinfo/distutils-sig
