mirror of https://github.com/pypa/pip
Restore documentation about alternate hash algorithms in URLs.
This commit is contained in:
parent
d541304354
commit
76983f363a
|
@ -532,11 +532,13 @@ strategies <Repeatability>` is available in the User Guide.
|
||||||
Hashes from PyPI
|
Hashes from PyPI
|
||||||
~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
PyPI provides an md5 hash in the fragment portion of each package download
|
PyPI provides an MD5 hash in the fragment portion of each package download URL,
|
||||||
URL. pip checks this as a protection against download corruption. However,
|
like ``#md5=123...``, which pip checks as a protection against download
|
||||||
since the hash originates remotely, it is not a useful guard against tampering
|
corruption. Other hash algorithms that have guaranteed support from ``hashlib``
|
||||||
and thus does not satisfy the ``--require-hashes`` demand that every package
|
are also supported here: sha1, sha224, sha384, sha256, and sha512. Since this
|
||||||
have a local hash.
|
hash originates remotely, it is not a useful guard against tampering and thus
|
||||||
|
does not satisfy the ``--require-hashes`` demand that every package have a
|
||||||
|
local hash.
|
||||||
|
|
||||||
|
|
||||||
.. _`editable-installs`:
|
.. _`editable-installs`:
|
||||||
|
|
Loading…
Reference in New Issue