Ok so given that:

- There's a readily available solution for Python 2.4+ with the likelihood being that most users are either using it or using an older version which doesn't support SSL.
- The number of folks likely to be on Python 2.3 and wanting to install things from PyPI is likely to be very small.
- There's possibly a future solution for Python 2.3
- The safety margins for MD5 are gone and cryptographers heavily suggest moving away from it.
- A revised scheme will break backwards compatibility with the versions of the tooling that do support a stronger hash.

I'm going to go ahead and make this change unless someone comes out and contests moving PyPI to SHA256. I'll give it a bit to make sure no one does have an issue with the move.

-----------------
Donald Stufft
PGP: 0x6E3CBCE93372DCFA // 7C6B 7C5D 5E2B 6356 A926 F04F 6E3C BCE9 3372 DCFA
_______________________________________________
Distutils-SIG maillist - Distutils-SIG@python.org
http://mail.python.org/mailman/listinfo/distutils-sig