Consider removing or making MD5 optional #1384
Given tox already has support for generating a SHA-256 Hash, I was wondering if you could consider either removing the use of MD5 completely or simply making it optional.
That would make it possible to run tests for components like python-cryptography in FIPS mode which is currently blocked on tox and would be really useful in many settings where use of FIPS mode is mandatory in general.
I've found 2 usages of md5 in tox:
This seems selfcontained and possibly replacable by:
Here the md5 hash is computed togteher with sha256 and maybe it can be omitted entirely or made optional (if MD5 initialization raises an exception, you skip it).
Would you accept a pull request?
The text was updated successfully, but these errors were encountered:
Seems we could pretty easily switch all of those to be sha256 or some other equivalent hash, it currently gets written into the
$ cat /home/asottile/workspace/tox/.tox/pypy3/.tox-config1 7c85d37487b1dd9996ce400baa8b50da /home/asottile/bin/pypy3 3.13.2 0 0 0 00000000000000000000000000000000 pip == 19.1.1
(another note: looks like the "package" digest isn't used at all -- always