Closed zifeitong closed 2 months ago
cloudhan
commented
2 months ago I don't think this is a related thing at all. The page referenced is a doc for web developers. The SRI suggested is for validating resources embedded in the html, it just happens to have common meaning with the checksum. This change actually look really bad to me.
zifeitong
commented
2 months ago I don't think this is a related thing at all. The page referenced is a doc for web developers. The SRI suggested is for validating resources embedded in the html, it just happens to have common meaning with the checksum. This change actually look really bad to me.
archive_override() uses SRI for checksum: https://bazel.build/rules/lib/globals/module#archive_override. It's somewhat obscure (e.g. checksum are encoded in base64 instead of hexstring). I added #268 hoping to make it clearer and less verbose.
cloudhan
commented
2 months ago @zifeitong Thanks for pointing out. I am OK with either format. Simply put sha256 is just some old boring format used in practice.
Documented in https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity