On Sat, Apr 1, 2017 at 5:22 PM, John Lenton <[email protected]> wrote: > On 31 March 2017 at 21:52, Neal Gompa <[email protected]> wrote: >> we >> definitely don't want to use less than SHA256 for snaps. > > note snaps use sha3-384 currently; the above discussion is, as I > understand it, about snapcraft checking upstream checksums at build > time. >
Sure, but it's just as important that the inputs can be trusted for a given snap created by snapcraft, and allowing people to choose weak algorithms is against that. -- 真実はいつも一つ!/ Always, there's only one truth! -- Snapcraft mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/snapcraft
