Closed nkrabben closed 6 years ago
I have accidentally made such "mixed" bags - as I had large data coming with pre-calculated sha1 hashes, but used sha512 on the tag manifests - but agree that ought to be a SHOULD violation.
At the very least the tools should throw a big red flag about it so that the owners feel the need to change it
How about:
Tag manifests SHOULD use the same algorithms as for the payload manifests in the bag.
This appears to be complete as of #28 merging
I ran across a bag today that used sha256 for the payload manifest and md5 for the tag manifest. While there's nothing technically wrong with this according to the spec, it is awkward to work with. A recommendation to use the same algorithms between manifests would be useful to discourage that type of bag.
E.g Tag manifests should only use the hashing algorithm(s) as the payload manifests present in the bag.