ANN: snapcraft 2.28 has been released
Neal Gompa
ngompa13 at gmail.com
Sat Apr 1 21:27:52 UTC 2017
On Sat, Apr 1, 2017 at 5:22 PM, John Lenton <john.lenton at canonical.com> wrote:
> On 31 March 2017 at 21:52, Neal Gompa <ngompa13 at gmail.com> wrote:
>> we
>> definitely don't want to use less than SHA256 for snaps.
>
> note snaps use sha3-384 currently; the above discussion is, as I
> understand it, about snapcraft checking upstream checksums at build
> time.
>
Sure, but it's just as important that the inputs can be trusted for a
given snap created by snapcraft, and allowing people to choose weak
algorithms is against that.
--
真実はいつも一つ!/ Always, there's only one truth!
More information about the Snapcraft
mailing list