Re: [Python-ideas] Using sha512 instead of md5 on python.org/downloads

On Fri, Dec 07, 2018 at 08:55:53PM -0800, "Gregory P. Smith" wrote: > Debian provides all of the popular FIPS hashes... [skip] > https://cdimage.debian.org/debian-cd/current/ppc64el/iso-cd/ And they protect the hash files by signing them instead of signing CDs/DVDs. > -gps Oleg. -- Ol

Re: [Python-ideas] Using sha512 instead of md5 on python.org/downloads

On 08/12/2018 05.55, Gregory P. Smith wrote: > > On Fri, Dec 7, 2018 at 3:38 PM Steven D'Aprano > > wrote: > > On Fri, Dec 07, 2018 at 01:25:19PM -0800, Nathaniel Smith wrote: > > > For this specific purpose, md5 is just as good as a proper hash. > But al

Re: [Python-ideas] Using sha512 instead of md5 on python.org/downloads

On Fri, 7 Dec 2018 11:54:59 -0800 Devin Jeanpierre wrote: > On Fri, Dec 7, 2018 at 10:48 AM Antoine Pitrou wrote: > > > If the site is vulnerable to modifications, then TLS doesn't help. > > Again: you must verify the GPG signatures (since they are produced by > > the release manager's private k

Re: [Python-ideas] [Brainstorm] Testing with Documented ABCs

> Interesting. In the thread you linked on DBC, it seemed like Steve D'Aprano and David Mertz (and possibly others) were put off by the verbosity and noisiness of the decorator-based solution you provided with icontract (though I think there are ways to streamline that solution). It seems like synt

Re: [Python-ideas] Using sha512 instead of md5 on python.org/downloads

> On 8 Dec 2018, at 05:14, Steven D'Aprano wrote: > > On Sat, Dec 08, 2018 at 11:05:43AM +0900, INADA Naoki wrote: > >> We already use SHA256 on PyPI. >> Many project in the world moving from md5 to SHA256. > [...] > > > How easy is it to use sha256 on the major platforms, compared to md5? >