Donald Stufft <donald <at> stufft.io> writes: > I'm going to go ahead and make this change unless someone comes out and > contests moving PyPI to SHA256. I'll give it a bit to make sure no one does > have an issue with the move.
Your proposal is a little light on specification, unless I've missed it. For example: * How exactly will download URLs change? One would assume they'd have a fragment of 'sha256=...', where they currently have 'md5=...', but can you confirm this? * PyPI's XML-RPC API provides MD5 hashes in result dictionaries using a key 'md5_digest'. How will these result dictionaries change under your proposal? * PyPI's web interface has actions such as 'show_md5', will these stop working? (By actions, I mean query strings such as ':action=show_md5'.) Will new actions be added? I'm not familiar with the change process for PyPI - what is the workflow? For example, are patches posted for review? Regards, Vinay Sajip _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org http://mail.python.org/mailman/listinfo/distutils-sig
