Skip to content

pythonPackages.mpv: 0.1#11620

Merged
jagajaga merged 1 commit intoNixOS:masterfrom
Profpatsch:python-mpv
Dec 12, 2015
Merged

pythonPackages.mpv: 0.1#11620
jagajaga merged 1 commit intoNixOS:masterfrom
Profpatsch:python-mpv

Conversation

@Profpatsch
Copy link
Member

@Profpatsch Profpatsch commented Dec 11, 2015

No description provided.

FRidh
FRidh reviewed Dec 11, 2015
View reviewed changes
pkgs/top-level/python-packages.nix Outdated
Copy link
Member

@FRidh FRidh Dec 11, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sha256?

Copy link
Member Author

@Profpatsch Profpatsch Dec 11, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

pypi does md5. As do most packages in this file. Also, what’s wrong with them in this case?

Copy link
Member

@FRidh FRidh Dec 12, 2015

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Both PyPI and nixpkgs repository still use md5 a lot. That is not good. Why?
The idea of the hash is to know for sure you have the file that you want to have. If a source file in the cache or upstream was changed, you want to know that.

Unfortunately, multiple files can be created with the same hash. Doing this on purpose is a collision attack. A collision attack with an md5 hash can be done in mere seconds if I am correct. With SHA-1 and SHA-2(56) it will take a lot longer.

Last month support for SHA-512 was added to Nix. I suppose we soon should start using SHA-512 then.

@domenkozar domenkozar added the 6.topic: python Python is a high-level, general-purpose programming language. label Dec 11, 2015
@jagajaga
Copy link
Member

jagajaga commented Dec 11, 2015

And also please rename commit to pythonPackages.mpv: init at 0.1.

@Profpatsch
Copy link
Member Author

Profpatsch commented Dec 12, 2015

@jagajaga Done.

jagajaga added a commit that referenced this pull request Dec 12, 2015
@jagajaga
Merge pull request #11620 from Profpatsch/python-mpv
8908fa8 
pythonPackages.mpv: 0.1
@jagajaga jagajaga merged commit 8908fa8 into NixOS:master Dec 12, 2015
This was referenced Dec 28, 2020
Open
Open
Open
This was referenced Mar 14, 2021
Open
Open
Open
This was referenced Nov 4, 2022
Open
Open
Open
@Centaurioun Centaurioun mentioned this pull request Dec 25, 2022
Closed
@kaocher82 kaocher82 mentioned this pull request Dec 25, 2022
Open
@snyk-bot snyk-bot mentioned this pull request Dec 26, 2022
Open
@Centaurioun Centaurioun mentioned this pull request Jan 9, 2023
Closed
This was referenced Jan 9, 2023
Open
Open
Open
This was referenced Nov 28, 2023
Open
Open
Open
This was referenced May 14, 2024
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

6.topic: python Python is a high-level, general-purpose programming language.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Profpatsch @jagajaga @FRidh @domenkozar