There is a bit too much clutter in releases by including this many checksums. As md5 is not cryptographically secure and sha1 is showing weakness, just use sha256 only. This is what PyPI uses for packages and has become increasingly common in conda-forge. Only makes sense to follow suit here.
There is a bit too much clutter in releases by including this many checksums. As
md5
is not cryptographically secure andsha1
is showing weakness, just usesha256
only. This is what PyPI uses for packages and has become increasingly common in conda-forge. Only makes sense to follow suit here.