Message369442
The distutils upload command creates a MD5 digest of the file content. This is not compatible with systems with systems that run under a strict security policy that blocks MD5.
Possible fixes are:
* declare that the MD5 digest is not used for security. Security is provided by TLS/SSL and HTTPS. The digest is just a simple checksum to detect file corruption during upload.
* Remove MD5 digest completely
* Don't create a MD5 digest if ``hashlib.md5(content)`` fails
* Skip the test case if MD5 is not available
Does PyPI support other digests, e.g. SHA2-256 digest? |
|
Date |
User |
Action |
Args |
2020-05-20 11:32:43 | christian.heimes | set | recipients:
+ christian.heimes |
2020-05-20 11:32:43 | christian.heimes | set | messageid: <1589974363.4.0.0200698249561.issue40698@roundup.psfhosted.org> |
2020-05-20 11:32:43 | christian.heimes | link | issue40698 messages |
2020-05-20 11:32:43 | christian.heimes | create | |
|