1. PyPA
  2. Python Packaging Authority Projects
  3. pypi
  4. Issues


Issue #74 wontfix

MD5 hash is not enough to provide security

anatoly techtonik
created an issue

MD5 hashes are not safe. They should probably be replaced by 'sha1_size' checksums.

Comments (7)

  1. Donald Stufft

    I've suggested getting rid of MD5 a number of times. Eventually my proposals always end up getting shot down because the fact of the matter is that MD5's preimage resistance is not broken yet. If you feel strongly about this I suggest you raise an issue on the distutils-sig mailing list.

  2. Log in to comment