Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-12-01 Thread holger krekel
Hi Donald, On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote: On Nov 13, 2014, at 9:21 PM, Donald Stufft don...@stufft.io wrote: Starting a new thread with more explicit details at Richard’s request. Essentially the tl;dr here is that we'll switch to using sha2 (specifically

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-12-01 Thread Donald Stufft
On Dec 1, 2014, at 4:25 AM, holger krekel hol...@merlinux.eu wrote: Hi Donald, On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote: On Nov 13, 2014, at 9:21 PM, Donald Stufft don...@stufft.io wrote: Starting a new thread with more explicit details at Richard’s request.

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-12-01 Thread Ian Cordasco
On Mon, Dec 1, 2014 at 12:35 PM, Donald Stufft don...@stufft.io wrote: On Dec 1, 2014, at 4:25 AM, holger krekel hol...@merlinux.eu wrote: Hi Donald, On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote: On Nov 13, 2014, at 9:21 PM, Donald Stufft don...@stufft.io wrote: Starting a new

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-12-01 Thread holger krekel
On Mon, Dec 01, 2014 at 12:45 -0600, Ian Cordasco wrote: On Mon, Dec 1, 2014 at 12:35 PM, Donald Stufft don...@stufft.io wrote: On Dec 1, 2014, at 4:25 AM, holger krekel hol...@merlinux.eu wrote: Hi Donald, On Sat, Nov 29, 2014 at 19:43 -0500, Donald Stufft wrote: On Nov 13, 2014,

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-12-01 Thread Ian Cordasco
On Mon, Dec 1, 2014 at 3:23 PM, holger krekel hol...@merlinux.eu wrote: On Mon, Dec 01, 2014 at 12:45 -0600, Ian Cordasco wrote: On Mon, Dec 1, 2014 at 12:35 PM, Donald Stufft don...@stufft.io wrote: On Dec 1, 2014, at 4:25 AM, holger krekel hol...@merlinux.eu wrote: Hi Donald, On

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-12-01 Thread holger krekel
On Mon, Dec 01, 2014 at 15:29 -0600, Ian Cordasco wrote: On Mon, Dec 1, 2014 at 3:23 PM, holger krekel hol...@merlinux.eu wrote: On Mon, Dec 01, 2014 at 12:45 -0600, Ian Cordasco wrote: On Mon, Dec 1, 2014 at 12:35 PM, Donald Stufft don...@stufft.io wrote: On Dec 1, 2014, at 4:25 AM,

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-11-29 Thread Donald Stufft
On Nov 13, 2014, at 9:21 PM, Donald Stufft don...@stufft.io wrote: Starting a new thread with more explicit details at Richard’s request. Essentially the tl;dr here is that we'll switch to using sha2 (specifically sha256). Ping? Are we OK to make this change? --- Donald Stufft PGP: 7C6B

[Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-11-13 Thread Donald Stufft
Starting a new thread with more explicit details at Richard’s request. Essentially the tl;dr here is that we'll switch to using sha2 (specifically sha256). Simple API -- Drop the #md5= from the PyPI hosted tarballs and replace it with #sha256, the ~60 or so externally hosted files which

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-11-13 Thread Richard Jones
+1 thanks for the detail On 14 November 2014 13:21, Donald Stufft don...@stufft.io wrote: Starting a new thread with more explicit details at Richard’s request. Essentially the tl;dr here is that we'll switch to using sha2 (specifically sha256). Simple API -- Drop the #md5= from

Re: [Distutils] API CHANGE - Migrating from MD5 to SHA2, Take 2

2014-11-13 Thread holger krekel
Hi Donald, thanks for the detail and the pre-announcement! I am all for the change but indeed need to check how devpi code is affected (pretty sure it is) and how to accomodate the change. Will see to do so next week and get back to this thread. best, holger On Thu, Nov 13, 2014 at 21:21