Open justinmeiners opened 5 years ago
In my opinion, it's really left up to the implementer to verify http(s) content however they desire. In py-ethpm
we require http(s) uris to conform to this scheme. This definitely might change down the road, but for now it's what we're going with
You can also check out the Manifest URIs
section of the ERC for another option.
@njgheorghita Thanks for this info. I understand its the implementor's job to verify, it would just be nice if there was a standard optional place for putting a hash. Using the URI fragment looks like a good idea.
Although most examples host content on IPFS, the spec suggests that other hosts such as HTTP could be used.
My question is, how should this be applied to HTTP/HTTPS? For example, to pull content from Github, I would also like to verify the download with a hash. How could I specify this hash?