Message 155906 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	alexis
Recipients	alexis, eric.araujo, j1m, tarek
Date	2012-03-15.16:33:13
SpamBayes Score	2.3893194e-06
Marked as misclassified	No
Message-id	<1331829194.07.0.482928929701.issue14280@psf.upfronthosting.co.za>
In-reply-to

Content
If no MD5 checksum is present on the crawled simple index, then we don't have to check them. This means we introduce a potential security hole here (md5 checksums were added for a reason). What could be done is to explicitely don't check them if asked so. For instance using a --no-checksum flag when running pysetup, or passing a no_checksum argument when using the crawler. Would that work for you? Éric, this is a different issue than the one you pointed out in the sence that one is for local files and the other is for remote indexes. (Of course, local files, will not need checksums as well).

If no MD5 checksum is present on the crawled simple index, then we don't have to check them. This means we introduce a potential security hole here (md5 checksums were added for a reason).

What could be done is to explicitely don't check them if asked so. For instance using a --no-checksum flag when running pysetup, or passing a no_checksum argument when using the crawler.

Would that work for you?

Éric, this is a different issue than the one you pointed out in the sence that one is for local files and the other is for remote indexes. (Of course, local files, will not need checksums as well).

History
Date	User	Action	Args
2012-03-15 16:33:14	alexis	set	recipients: + alexis, tarek, eric.araujo, j1m
2012-03-15 16:33:14	alexis	set	messageid: <1331829194.07.0.482928929701.issue14280@psf.upfronthosting.co.za>
2012-03-15 16:33:13	alexis	link	issue14280 messages
2012-03-15 16:33:13	alexis	create