pypi and md5 (was: Re: [107076] trunk/dports/python)

Joshua Root jmr at macports.org
Tue Jun 18 15:38:28 PDT 2013


On 2013-6-19 08:32 , Ryan Schmidt wrote:
> 
> Can someone please persuade pypi to use a more modern algorithm? Use of only md5 opens them up to vulnerabilities. A malicious developer could replace any module with a functionally different version that has the same md5 hash.

Well yeah, they really should. They're a step ahead of some other
distfile sources that don't publish any hashes though...

- Josh

