McSinyx
/
pip
mirror of https://github.com/pypa/pip
1
1
Fork 0
Code Issues Releases Activity

Restore documentation about alternate hash algorithms in URLs.

This commit is contained in:
Erik Rose 2015-10-12 11:51:27 -04:00
parent d541304354
commit 76983f363a
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
docs/reference/pip_install.rst
View File

@ -532,11 +532,13 @@ strategies <Repeatability>` is available in the User Guide.
Hashes from PyPI Hashes from PyPI
~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~
PyPI provides an md5 hash in the fragment portion of each package download PyPI provides an MD5 hash in the fragment portion of each package download URL,
URL. pip checks this as a protection against download corruption. However, like ``#md5=123...``, which pip checks as a protection against download
since the hash originates remotely, it is not a useful guard against tampering corruption. Other hash algorithms that have guaranteed support from ``hashlib``
and thus does not satisfy the ``--require-hashes`` demand that every package are also supported here: sha1, sha224, sha384, sha256, and sha512. Since this
have a local hash. hash originates remotely, it is not a useful guard against tampering and thus
does not satisfy the ``--require-hashes`` demand that every package have a
local hash.
.. _`editable-installs`: .. _`editable-installs`: