> [cut overlong post]
Glyph,
nice sneaky way to try to divert from the original issue. Your whole post
is invalidated by the simple fact that the URL was protected by a hash
(which I repeatedly asked to be upgraded to sha256).
This was the official scheme promoted by PEP-438, which you should know.
But of course your actual intention here is character assassination,
pretending to "rescue" cdecimal and trying to divert from the fact that
the transition to PEP 470 was handled suboptimally.
The very reason for this thread is that the security was silently disabled
WITHOUT me getting a notification. What is on PyPI *now* is not what I
configured!
Please believe me when I say I do not mean the following to be insulting --
people who have done *actual* cryptography to varying degrees often tend
to focus on the important parts and aren't impressed by regurgitating
catch phrases like SSL and man-in-the-middle:
http://cr.yp.to/ecdh.html
The amount of security "experts" in the Python community that pontificate
on any occasion is pretty annoying. What do you think djb thinks of Twisted?
> If anyone wants package-index access to this name to upload Windows or
manylinux wheels just let me know; however, as this is just a proof of
concept, I do not intend to maintain it long-term.
That apparently all you can do: Move bits from place A to place B and not
care how long it took to produce them.
You are a real hero.
Stefan Krah
_______________________________________________
Python-Dev mailing list
Python-Dev@python.org
https://mail.python.org/mailman/listinfo/python-dev
Unsubscribe:
https://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
