Today in simple.py we hard-code a NamedTuple of possible digests and a StrEnum equivalent. I'd like to see if we could refactor this to support any digest that PyPI itself offers in the metadata we use. Bandersnatch (unfortunately) uses the non-PEP-standard "JSON API".
Example metadata can be seen by looking at our bandersnatch project metadata. We can see here that it offers multiple hashes per release. We should allow users of bandersnatch to select any digest offered there that is PEP 691 compliant, i.e. that hashlib supports.
This will help us just magically support the next new hash hotness when one of these or all become insecure.
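A sketch of the selection the issue asks for, added here as an example and not taken from bandersnatch's code: it reads the `digests` mapping of a JSON API file entry, keeps only the names `hashlib.new()` accepts without extra parameters, and verifies content against the digest the user chose. The function names, the sample entry and its bytes are constructed for illustration.

```python
import hashlib
import hmac

# Constructed stand-in for a release file's bytes; not real PyPI data.
SAMPLE_BYTES = b"constructed wheel contents"


def sample_entry():
    """Constructed entry shaped like one file record in PyPI's JSON API."""
    return {
        "filename": "example-1.0-py3-none-any.whl",
        "digests": {
            "blake2b_256": hashlib.blake2b(SAMPLE_BYTES, digest_size=32).hexdigest(),
            "md5": hashlib.md5(SAMPLE_BYTES, usedforsecurity=False).hexdigest(),
            "sha256": hashlib.sha256(SAMPLE_BYTES).hexdigest(),
        },
    }


def usable_digests(entry):
    """Map digest name -> expected hex for names hashlib.new() accepts unaided."""
    usable = {}
    for name, expected in entry.get("digests", {}).items():
        try:
            # Unknown names (e.g. "blake2b_256") raise ValueError; variable-length
            # digests (e.g. "shake_128") raise TypeError because they need a length.
            hashlib.new(name).hexdigest()
        except (ValueError, TypeError):
            continue
        usable[name] = expected.lower()
    return usable


def verify(data, entry, algorithm):
    """Check data against the user-selected digest; reject unusable selections."""
    usable = usable_digests(entry)
    if algorithm not in usable:
        raise ValueError(f"{algorithm!r} not usable; choose from {sorted(usable)}")
    actual = hashlib.new(algorithm, data).hexdigest()
    return hmac.compare_digest(actual, usable[algorithm])


if __name__ == "__main__":
    entry = sample_entry()
    print(sorted(usable_digests(entry)))
    print(verify(SAMPLE_BYTES, entry, "sha256"))
```

Note that the JSON API key `blake2b_256` is filtered out because it is not a name `hashlib.new()` recognises, so supporting it would need an explicit mapping to `hashlib.blake2b(digest_size=32)`.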