[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Petr Viktorin
On 16. 03. 21 21:16, Gregory P. Smith wrote: On Tue, Mar 16, 2021 at 9:42 AM Christian Heimes wrote: On 16/03/2021 16.54, Julien Palard wrote: > On 2021-03-16 at 15:52, Christian Heimes wrote: >> could you please explain your use case? Which problem

[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Ned Deily
On Mar 16, 2021, at 16:16, Gregory P. Smith wrote: > The benefit of listing the sha256 for files is that it prevents this question > coming up again and again because md5 is old and rightfully on the "never > use" list for many people. Even if there are situations where it is fine as > an effec

[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Gregory P. Smith
On Tue, Mar 16, 2021 at 9:42 AM Christian Heimes wrote: > On 16/03/2021 16.54, Julien Palard wrote: > > On 2021-03-16 at 15:52, Christian Heimes wrote: > >> could you please explain your use case? Which problem are you trying to > >> solve? How would a sha256 checksum help you solve that proble

[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Senthil Kumaran
On Tue, Mar 16, 2021 at 9:42 AM Christian Heimes wrote: > GPG signatures are > problematic because GPG is awful. What is the problem here? Most of the verification for external downloads, at the moment, seems to be via GPG. > Sigstore [2] might become an alternative in the future. TIL. Seems ve

[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Christian Heimes
On 16/03/2021 16.54, Julien Palard wrote: > On 2021-03-16 at 15:52, Christian Heimes wrote: >> could you please explain your use case? Which problem are you trying to >> solve? How would a sha256 checksum help you solve that problem? > > No, I'm just forwarding the surprise of a user seen on a r

[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Julien Palard via python-committers
On 2021-03-16 at 15:52, Christian Heimes wrote: > could you please explain your use case? Which problem are you trying to > solve? How would a sha256 checksum help you solve that problem? No, I'm just forwarding the surprise of a user seen on a random social network (I'm monitoring the python ha

[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Christian Heimes
On 16/03/2021 14.59, Julien Palard via python-committers wrote: > Hi, > > Someone on Mastodon had me notice that: > > => https://www.python.org/downloads/release/python-392/ > > gives the md5 sum of Python builds, and that we should probably do better. > > What about sha256? Has it been discus

[python-committers] Re: Publish better than md5sums of Python builds?

2021-03-16 Thread Karthikeyan
This was raised in python.org github issues https://github.com/python/pythondotorg/issues/1227 https://github.com/python/pythondotorg/issues/1512 Regards, Karthikeyan S On Tue, Mar 16, 2021, 7:30 PM Julien Palard via python-committers < python-committers@python.org> wrote: > Hi, > > Someone on

[python-committers] Publish better than md5sums of Python builds?

2021-03-16 Thread Julien Palard via python-committers
Hi, Someone on Mastodon had me notice that: => https://www.python.org/downloads/release/python-392/ gives the md5 sum of Python builds, and that we should probably do better. What about sha256? Has it been discussed already? Bests, -- [Julien Palard](https://mdk.fr) _