ethpm / ethpm-spec

Ethereum Package Manager http://ethpm.github.io/ethpm-spec/

Provide hash for HTTP/HTTPS content URIs #134

Open justinmeiners opened 5 years ago

justinmeiners commented 5 years ago

Although most examples host content on IPFS, the spec suggests that other hosts such as HTTP could be used.

> Any URI which contains a cryptographic hash which can be used to verify the integrity of the content found at the URI.

My question is, how should this be applied to HTTP/HTTPS? For example, to pull content from GitHub, I would also like to verify the download with a hash. How could I specify this hash?

njgheorghita commented 5 years ago

In my opinion, it's really left up to the implementer to verify http(s) content however they desire. In py-ethpm we require http(s) URIs to conform to this scheme. This definitely might change down the road, but for now it's what we're going with.

njgheorghita commented 5 years ago

You can also check out the Manifest URIs section of the ERC for another option.

justinmeiners commented 5 years ago

@njgheorghita Thanks for this info. I understand it's the implementer's job to verify; it would just be nice if there was a standard optional place for putting a hash. Using the URI fragment looks like a good idea.
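
Added example (not part of the thread, the spec, or py-ethpm): one way a client could check HTTP(S) content against a hash carried in the URI fragment, as suggested in the last comment. The `#<algorithm>=<hex digest>` fragment convention, the function names, and the sample URI and body are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import urlsplit

# Hypothetical convention: "#<algorithm>=<hex digest>"; value is the hex length.
ALLOWED = {"sha256": 64, "sha512": 128}


class IntegrityError(Exception):
    """Raised when a URI carries no usable hash or the content mismatches."""


def parse_pinned_uri(uri):
    """Split a pinned URI into (fetch_url, algorithm, expected_hex)."""
    parts = urlsplit(uri)
    if parts.scheme not in ("http", "https"):
        raise IntegrityError("unsupported scheme")
    algo, sep, digest = parts.fragment.partition("=")
    algo, digest = algo.lower(), digest.lower()
    # Fail closed: a URI without a recognised hash is rejected, not trusted.
    if not sep or algo not in ALLOWED:
        raise IntegrityError("missing or unsupported hash in fragment")
    if len(digest) != ALLOWED[algo] or any(c not in "0123456789abcdef" for c in digest):
        raise IntegrityError("malformed digest")
    # Fragments are not sent to the server, so fetch the URL without it.
    return parts._replace(fragment="").geturl(), algo, digest


def verify_content(uri, body):
    """Return body only if it matches the digest pinned in the URI."""
    _, algo, expected = parse_pinned_uri(uri)
    actual = hashlib.new(algo, body).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise IntegrityError("content does not match pinned " + algo)
    return body


# Constructed sample: a stand-in for downloaded bytes and its pinned URI.
SAMPLE_BODY = b'{"package_name": "example", "version": "1.0.0"}'
SAMPLE_URI = ("https://example.invalid/example-1.0.0.json#sha256="
              + hashlib.sha256(SAMPLE_BODY).hexdigest())

if __name__ == "__main__":
    print(parse_pinned_uri(SAMPLE_URI)[0])
    print(len(verify_content(SAMPLE_URI, SAMPLE_BODY)), "bytes verified")
```

The hash only protects the download if the URI itself comes from a trusted place, such as a manifest that is already content-addressed.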