in-toto / ITE

in-toto Enhancements

ITE-4: Add generic URI schemes for artifacts in in-toto metadata #6

Closed adityasaky closed 4 years ago

adityasaky commented 5 years ago

This ITE proposes allowing generic URI schemes to refer to abstract entities in in-toto metadata.

iamwillbar commented 5 years ago

At a high level this looks reasonable to me; a couple of concrete examples that tie together in a supply chain would probably help, though.

adityasaky commented 4 years ago

Thanks for the review @trishankatdatadog!

I understand why, but I think the ITE punts too much of the actual implementation to the runtime. There shouldn't be two different hashes for two files, no? But it's conceivable that two different implementations can get two different hashes for the same external resource.

Yes, it's possible, and is part of the compatibility analysis. I'm not sure we can lay down the behaviour of how specific tokens are resolved and the content is hashed in a general manner, but we did consider perhaps a registry of tokens with defined behaviours. However, that'll have to be further down the line and out of scope of this ITE. Do you have other ideas on how we can generalise this?

Should discuss fixing sources of nondeterminism, which are notorious on web resources.

While I think I understand what you mean, do you have some examples I can look at and analyse?

adityasaky commented 4 years ago

Updated with a link to #7 in the document. I think this version can be merged with the current status?

@SantiagoTorres

SantiagoTorres commented 4 years ago

At this point, I think we can merge as draft and continue the discussion in the mailing list with broader feedback from the community