From ca3df803c9afd04d7dee612e0bf321cc62cf900f Mon Sep 17 00:00:00 2001
From: Michael Merickel <michael@merickel.org>
Date: Sun, 4 Nov 2012 12:34:22 -0600
Subject: emit a warning if a user is using the default hashalg to AuthTkt

---
 CHANGES.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'CHANGES.txt')

diff --git a/CHANGES.txt b/CHANGES.txt
index b3733a787..43a910f96 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -48,6 +48,15 @@ Bug Fixes
   attribute of the request.  It no longer fails in this case.  See
   https://github.com/Pylons/pyramid/issues/700
 
+Deprecations
+------------
+
+- ``pyramid.authentication.AuthTktAuthenticationPolicy`` will emit a warning
+  if an application is using the policy without explicitly setting the
+  ``hashalg``. This is because the default is "md5" which is considered
+  insecure. If you really want "md5" then you must specify it explicitly to
+  get rid of the warning.
+
 Internals
 ---------
 
-- 
cgit v1.2.3