[Buildroot] [PATCH 1/6] python-urwid: bump version and add checksums
Peter Korsgaard
peter at korsgaard.com
Wed Sep 16 09:09:05 UTC 2015
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
Hi,
>> Yeah, the upstream pypi hash URLs are kind of odd. These are the
>> official links though.
> The .hash file is all about trust, IMO. Seeing md5 that is an identity
> function of the URL just makes me feel uneasy. The package URL at
> https://pypi.python.org/pypi/urwid/1.3.0 contains the same link (next to the
> file name), but it looks less easy to trick.
Yes, I agree. As long as we have a stronger hash locally computed it
isn't a big deal, but it would be good if the pypi guys could do
something more sensible. I'm not sure who to contact about that though.
--
Venlig hilsen,
Peter Korsgaard
More information about the buildroot
mailing list