You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The hash algorithm must be sha256 or better; specifically, md5 and sha1 are not permitted, as signed wheel files rely on the strong hashes in RECORD to validate the integrity of the archive.
It isn't rigorously obvious what does the "or better" mean in this context.
Request clarification on this & when a response is received - improve the WheelRecord class accordingly.
The text was updated successfully, but these errors were encountered:
Good, that solves that part then. Looks like only SHA-256, SHA-384, and SHA-512 are permitted? That's a bit weird way to state it...
MrMino
changed the title
Reminder: request clarification on "better than sha256" of PEP 427
Constrain allowed hash algos to "better than sha256" of PEP 427
Mar 28, 2021
This has surfaced within #3.
PEP 427 declares the following requirement on the
RECORD
file:It isn't rigorously obvious what does the "or better" mean in this context.
Request clarification on this & when a response is received - improve the
WheelRecord
class accordingly.The text was updated successfully, but these errors were encountered: