hashin 0.14.5 and canonical pip hashes

31 January 2019   0 comments   Python

https://github.com/peterbe/hashin/issues/105

Prior to version 0.14.5 hashin would write write down the hashes of PyPI packages in the order they appear in PyPI's JSON response. That means there's a slight chance that two distinct clients/computers/humans might actually get different output when then run hashin Django==2.1.5.

The pull request has a pretty hefty explanation as it demonstrates the fix.

Do note that if the existing order of hashes in a requirements file is not in the "right" order, hashin won't correct it unless any of the hashes are different.

Thanks @SomberNight for patiently pushing for this.

Comments

Your email will never ever be published

Related posts

Previous:
How to encrypt a file with Emacs on macOS (ccrypt) 29 January 2019
Next:
Format thousands in Python 01 February 2019
Related by Keyword:
"ld: library not found for -lssl" trying to install mysqlclient in Python on macOS 05 February 2020
Concurrent download with hashin without --update-all 18 December 2018
hashin 0.14.0 with --update-all and a bunch of other features 13 November 2018
hashin 0.12.0 is much much faster 20 March 2018
hashin 0.7.0 and multiple packages 30 August 2016