Closed uilianries closed 2 years ago
Maybe we should enforce that there is a sha256 key too?
Maybe we should enforce that there is a sha256 key too?
I would like that. Require sha256, allow additionally md5 and sha1. Some upstream projects still only publish md5/sha1 checksums, it's okay to add them because of that, but sha256 should be preferred generally.
It could be an warning, but we can't enforce to sah256, because as Croydon mentioned, some projects only provide md5 or sha1.
It could be an warning, but we can't enforce to sah256, because as Croydon mentioned, some projects only provide md5 or sha1.
We could still enforce it. People can calculate the sha256 checksum as always
We could still enforce it. People can calculate the sha256 checksum as always
Yes. Checking on Conan Center Index, we have only 3 recipes using non-SHA-256 checksum. Let's use as an warning now, then fix those recipe, and then we can promote to error level.
$ find recipes -name conandata.yml | xargs grep sha1
recipes/soxr/all/conandata.yml: sha1: "32ea46b1a8c0c15f835422892d02fce8286aec3c"
recipes/uchardet/all/conandata.yml: sha1: de19b7e614f11572582a0d47f7d5d6f8ec649199
$ find recipes -name conandata.yml | xargs grep md5
recipes/innoextract/all/conandata.yml: md5: "964f39bb3f8fd2313629e69ffd3dab9f"
2022-04-28
Hook validation run successfully for 3364 references :tada:
*/master
)Looking forward to those fixes! Thanks!
The entries
['md5', 'sha1', 'sha256', 'url']
can not be used as an empty key. Otherwise, it will be considered an error.fixes #406