Am Donnerstag, 21. September 2006 16:49 schrieb Vlastimil Babka:
Although the more secure than MD5 part is now questionable, I suppose
the directly available in python part still holds?
From What's new in python 2.5
13.3 The hashlib package
A new hashlib module, written by Gregory P. Smith,
On Thursday 21 September 2006 08:54, Hanno Böck wrote:
I think sha256/512 is the only thing that makes sense at the moment, as it
most probably will stay secure for quite a while and we don't have real
alternatives. So imho use sha256, get rid of everything else, because that
rarely improves
Chris White wrote:
Well, the problem that occurs here is the verification process. With MD5, you
can hit most upstream sites, and they'll have an MD5SUM avaliable that you
can authenticate against.
Well if you care enough to verify this, you can easily create an md5sum
of the fetched
Ferringb recently told me that this info apparently wasn't
mentioned explicit enough in Glep 44:
Manifest2 records do not contain a MD5 checksum. The only guaranteed
checksum type there is SHA1. So once manifest1 is phased out the tree
will not contain MD5 checksums anymore.
This is just a
On Thursday 21 September 2006 09:34, Marius Mauch wrote:
Manifest2 records do not contain a MD5 checksum. The only guaranteed
checksum type there is SHA1. So once manifest1 is phased out the tree
will not contain MD5 checksums anymore.
by guaranteed do you mean guaranteed to be in the records
On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote:
On Thursday 21 September 2006 09:34, Marius Mauch wrote:
Manifest2 records do not contain a MD5 checksum. The only guaranteed
checksum type there is SHA1. So once manifest1 is phased out the tree
will not contain MD5 checksums
On Thursday 21 September 2006 10:00, Brian Harring wrote:
On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote:
On Thursday 21 September 2006 09:34, Marius Mauch wrote:
Manifest2 records do not contain a MD5 checksum. The only guaranteed
checksum type there is SHA1. So once
Mike Frysinger wrote:
ok, but it just seems silly to go cutting MD5 but leaving SHA1 ... if we're
going to be leaving an insecure format, we might as well keep the one that is
a virtual standard in and of itself (MD5)
-mike
GLEP 44 says:
snip
For compability though we have to rely on at
On Thursday 21 September 2006 10:49, Vlastimil Babka wrote:
GLEP 44 says:
touche
-mike
pgpy7mqcfngBq.pgp
Description: PGP signature