Donald Stufft <donald <at> stufft.io> writes: > > I don't think any claim can be made about the relative use between the > two tools by looking at the download counts because their typical use is > generally very different.
I'll try to phrase it more clearly then: I am not *comparing* their relative use. I am simply pointing out that an extremely large number of people install setuptools separately. Whether or not they also use virtualenv is completely irrelevent (but, of course, chances are they don't: otherwise, as you say, they'd use the bundled versions). > But sure you're right whatever does that make > you feel better? Now, please calm down... > Are you trying to claim we shouldn't move to a stronger hash? No, I'm just saying the possibility of regressions isn't as small as you think based on a misinterpretation of how people actually get setuptools installed (many of them get it directly from PyPI). But, yes, we should of course move to something better than md5, and ideally make the format flexible enough to avoid further breakage when switching hashes again. Regards Antoine. _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
