[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Christian Heimes
Christian Heimes added the comment: Thanks Charis and Donald! -- resolution: -> fixed stage: patch review -> resolved status: open -> closed ___ Python tracker ___ __

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread miss-islington
miss-islington added the comment: New changeset f541a371a5e608517314a106012e0c19739d2d02 by Miss Islington (bot) in branch '3.9': bpo-40698: Improve distutils upload hash digests (GH-20260) https://github.com/python/cpython/commit/f541a371a5e608517314a106012e0c19739d2d02 -- ___

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread miss-islington
miss-islington added the comment: New changeset e572c7f6dbe5397153803eab256e4a4ca3384f80 by Christian Heimes in branch 'master': bpo-40698: Improve distutils upload hash digests (GH-20260) https://github.com/python/cpython/commit/e572c7f6dbe5397153803eab256e4a4ca3384f80 -- nosy: +mi

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread miss-islington
Change by miss-islington : -- pull_requests: +19547 pull_request: https://github.com/python/cpython/pull/20261 ___ Python tracker ___ __

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Christian Heimes
Christian Heimes added the comment: Thanks for your elaborate explanation, Donald! I have implemented your proposal in PR 20260. -- ___ Python tracker ___ ___

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Christian Heimes
Change by Christian Heimes : -- keywords: +patch pull_requests: +19546 stage: -> patch review pull_request: https://github.com/python/cpython/pull/20260 ___ Python tracker ___

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Christian Heimes
Christian Heimes added the comment: Charis pointed me to https://github.com/pypa/warehouse/issues/681 / https://github.com/pypa/warehouse/pull/891 -- ___ Python tracker ___ _

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Charalampos Stratakis
Charalampos Stratakis added the comment: There is also https://github.com/pypa/warehouse/pull/888 So I would assume it's safe it change the digest to sha256. -- nosy: +cstratak ___ Python tracker __

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Donald Stufft
Donald Stufft added the comment: > Does PyPI support other digests, e.g. SHA2-256 digest? There is a simple and a complicated answer to this. The simple answer is yes, PyPI supports uploads with any combination of MD5, SHA256, and blake2_256 (blake2b with a 256 digest, no personalization or

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Christian Heimes
Change by Christian Heimes : -- nosy: +dstufft, eric.araujo, gregory.p.smith ___ Python tracker ___ ___ Python-bugs-list mailing lis

[issue40698] distutils.command.upload md5_digest

2020-05-20 Thread Christian Heimes
New submission from Christian Heimes : The distutils upload command creates a MD5 digest of the file content. This is not compatible with systems with systems that run under a strict security policy that blocks MD5. Possible fixes are: * declare that the MD5 digest is not used for security.