Hi, > The more we make progress, the more it seems we won’t be able to avoid > storing multiple hashes.
Yes, it appears to me unavoidable. The question is where store such hashes? At the origin level? At the package level via ’properties’? Using an external service? As Disarchive database? Other? >From my point of view, the bridge between all the hashes should be done by SWH itself. They promote their ’swhid’ which is far less common than Git hashes, for instance. It would make sense, at least to me, that they would provide various maps using different keys. They already somehow provide the map Git+Sha1 to swid, they could also provide NAR+Sha256 to swhid and maybe other serializers checksum to swhid. The world existed before swhid. ;-) The question about the metadata is another question. Perhaps, all is already a work-in-progress. :-) Well, therefore, maybe the step forward is that Guix relies more (or exclusively) on Disarchive-DB when it uses SWH as fallback. Cheers, simon
