On Fri, 7 Dec 2018 09:53:04 +0100 Miro Hrončok <mhron...@redhat.com> wrote: > Hi, > > I see md5 checksums at a release download page such as [1]. > > My idea is to switch to sha512 for a more reliable outcome. > > I'm no security expert, but AFAK md5 is generally believed to be unsafe, > as it was repeatedly proven it can be vulnerable [2].
md5 is only used for a quick integrity check here (think of it as a sophisticated checksum). For security you need to verify the corresponding GPG signature. Regards Antoine. _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/
