On Sun, Dec 19, 2021, 11:49 AM Steven D'Aprano
> And both the download and the webpage listing the checksum are over https.
> If we don't trust https, the whole internet is broken and changing to a
> stronger checksum won't help. A hypothetical MITM attacker capable of
> breaking https and
Hi,
Have I missed something?
Having the SHA-2 256 in the release email makes it a bit more immutable: my
mailbox is not
reachabable by the same people that can replace the release archives on the
server.
Let's say it's adding a second factor of trust.
Regards.
--
Yann Droneaud
OPTEYA
Hi,
Le 15/12/2021 à 02:42, Gregory P. Smith a écrit :
On Tue, Dec 14, 2021 at 9:06 AM Yann Droneaud
wrote:
Should I open a bug for this issue ?
Makes sense, it is a pretty small change to make to the announcement
format. Filed. https://bugs.python.org/issue46077
Thanks, you
On Tue, Dec 14, 2021 at 9:06 AM Yann Droneaud wrote:
> Hi,
>
> I'm not familiar with the Python release process, but looking at the latest
> release
> https://www.python.org/downloads/release/python-3101/
>
> we can see MD5 is still used ... which doesn't sound right in 2021 ...
> especially
On Tue, Dec 14, 2021 at 11:56:09AM +0100, Yann Droneaud wrote:
> Hi,
>
> I'm not familiar with the Python release process, but looking at the latest
> release
>
> https://www.python.org/downloads/release/python-3101/
>
> we can see MD5 is still used ... which doesn't sound right in 2021 ...
>
On 14/12/2021 11.56, Yann Droneaud wrote:
Hi,
I'm not familiar with the Python release process, but looking at the latest
release
https://www.python.org/downloads/release/python-3101/
we can see MD5 is still used ... which doesn't sound right in 2021 ...
especially since we proved it's