[issue14280] packaging.pypi should not require checksums
Changes by Éric Araujo mer...@netwok.org: -- resolution: - out of date stage: - committed/rejected status: open - closed ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14280 ___ ___ Python-bugs-list mailing list Unsubscribe: https://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14280] packaging.pypi should not require checksums
Alexis Metaireau ale...@notmyidea.org added the comment: If no MD5 checksum is present on the crawled simple index, then we don't have to check them. This means we introduce a potential security hole here (md5 checksums were added for a reason). What could be done is to explicitely don't check them if asked so. For instance using a --no-checksum flag when running pysetup, or passing a no_checksum argument when using the crawler. Would that work for you? Éric, this is a different issue than the one you pointed out in the sence that one is for local files and the other is for remote indexes. (Of course, local files, will not need checksums as well). -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14280 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14280] packaging.pypi should not require checksums
Jim Fulton j...@zope.com added the comment: I just clarified that 14279 doesn't imply local files. I'd be fine with a warning about lack of checksums for downloads. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14280 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14280] packaging.pypi should not require checksums
Alexis Metaireau ale...@notmyidea.org added the comment: Right, I'll go for this then. -- ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14280 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
[issue14280] packaging.pypi should not require checksums
Éric Araujo mer...@netwok.org added the comment: I’m not sure that this report should not be merged with #14279, but Alexis will judge that. -- assignee: eric.araujo - alexis title: simple indexes (in wrappers) should not require md5 hashes - packaging.pypi should not require checksums versions: +3rd party, Python 3.3 ___ Python tracker rep...@bugs.python.org http://bugs.python.org/issue14280 ___ ___ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com